The output is Elasticsearch. The logs are already formatted in JSON; I just want the index to reflect where the logs come from. In my scenario, anyone may put a file abcd.log in the logs folder. I want these logs to be sent to index abcd-19.05.2016 or something like that. Since the logs are preformatted, we don't want any Logstash in between.
Extract elasticsearch "index" field from event field
In Filebeat beta1 you have some more control over configuring the index using format strings and conditionals. But there is no way of parsing and munging/changing any field to your liking. I wonder if ingest node support in ES can be used to do the manipulations required. As far as I know, ingest node allows changing an event's index.
One can set additional hints in prospectors by adding custom fields/tags per prospector.
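The index naming asked about above, sketched as an added example that is not part of the thread and is not Filebeat or Elasticsearch code: because anyone may drop a file into the logs folder, the file name is untrusted input, so it is checked against Elasticsearch's index-name restrictions before it becomes an index. The function name `index_for`, the extra refusal of a leading dot, and the sample paths are assumptions made for illustration.

```python
import re
from datetime import date
from pathlib import PurePosixPath

# Elasticsearch index-name restrictions: lowercase only; none of
# \ / * ? " < > | space , # (and ':' from 7.0 on); must not start with
# - _ +; must not be "." or ".."; at most 255 bytes.
_FORBIDDEN = re.compile(r'[\\/*?"<>|\s,#:]')
MAX_INDEX_BYTES = 255


def index_for(source_path, day):
    """Return '<file stem>-dd.MM.yyyy' for a .log file, or raise ValueError."""
    name = PurePosixPath(source_path).name  # directory components are dropped
    if not name.endswith(".log"):
        raise ValueError(f"not a .log file: {name!r}")
    stem = name[: -len(".log")].lower()  # index names must be lowercase
    if not stem or stem in (".", ".."):
        raise ValueError(f"empty or reserved name: {name!r}")
    if stem[0] in "-_+.":
        # Assumption: a leading dot is refused as well, since dot-prefixed
        # indices are conventionally internal ones such as .kibana.
        raise ValueError(f"illegal first character: {name!r}")
    if _FORBIDDEN.search(stem):
        raise ValueError(f"illegal character in name: {name!r}")
    index = f"{stem}-{day.strftime('%d.%m.%Y')}"
    if len(index.encode("utf-8")) > MAX_INDEX_BYTES:
        raise ValueError(f"index name too long: {name!r}")
    return index


def route(paths, day):
    """Split paths into {path: index} and a list of (path, reason) rejects."""
    accepted, rejected = {}, []
    for path in paths:
        try:
            accepted[path] = index_for(path, day)
        except ValueError as exc:
            rejected.append((path, str(exc)))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample file names, not taken from the thread.
    sample = ["/var/logs/abcd.log", "/var/logs/ABCD.log", "/var/logs/web app.log",
              "/var/logs/_internal.log", "/var/logs/*.log", "/var/logs/notes.txt"]
    ok, bad = route(sample, date(2016, 5, 19))
    print(ok)
    print(bad)
```
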