Using Filebeat to send different logs and differentiating in Kibana

Maduranga · October 25, 2021, 1:01pm

Hello,

I am looking for guidance to get started with ELK stack with Filebeat.
I am using Elastic cloud with my servers using Filebeat to send logs directly to the Elastic cloud.

I can get the log stream and see the stream in Kibana.
Now I want to know how I can send multiple streams and differentiate them.

For example, I have two servers. Each server has its own Filebeat streaming logs.
Each server has an application log and an Nginx log that I want to send to Elastic.

My question is, what is the correct way to configure these log streams, so I can differentiate them in Kibana.

I understand I am asking quite a fundamental question. There are many concepts in ELK and I am a bit lost. Would really appreciate if I can get some guidance on how to get started.

riferrei · October 25, 2021, 4:54pm

Hi @Maduranga,

First of all — in the Elastic community — you're more than welcome to ask fundamental questions. In fact, those are usually the best ones

You can differentiate your log streams via tags. You can add the add_tags processor to your Filebeat configuration that can add custom tags to the events generated. Though the add_tags processor should be enough for your needs, you may also want to take a look into the add_host_metadata one.

— @riferrei

system · November 22, 2021, 4:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.