Using beats and send logstash


(bob_bza) #1

I was new not ELK, sending logs from multiple beats to single logstash with same tag, but was not able to see all the beats hosts in kibana.
for ex: i was sending 5beats to 1logstash with same tag name. but can see only first beat logs but rest other beats i was not able to see. this was syntax i was using.

input {
beats {
port => 5044
tags => [ "kafka" ]
}
output {
if "kafka" in [tags] {
elasticsearch {
action => "index"
hosts => "elasticsearch:80"
index => "kafka"
}
}


(Steffen Siering) #2

Which beats and logstash version are you using? Which logstash input beats plugin? Have you checked beats and logstash logs?

Why use tags and and if "kafka" in [tags] in order to send to "kafka" index? While ok, this pattern doesn't scale this well.


(system) #3

This topic was automatically closed after 21 days. New replies are no longer allowed.