Hi, I'm trying to use the template option of the ES output plugin but I'm parsing 2 types of logs... traditional logs and another type called aws_billing_hourly.
I tried to put them together in the json template but logstash seem to ignore the 2nd one... what am I doing that's wrong ?
elasticsearch-template.json
Is it not the proper way to define multiple template ?
The first and immediate problem is that your template file isn't valid JSON.
You can certainly list mappings for multiple types in the same index template, but you can't have multiple index patterns. For that you need separate templates, and you can support that by splitting your elasticsearch output in two or by managing your templates outside of Logstash (and set `manage_template => false" for your elasticsearch outputs).
Correct. But we are discouraging this in favour of putting different types in different indices.
Ok, I was kind of reluctant putting some logic on the template to use but it seems like the best solution for my problem...
Thanks for your help