Using one logstash to monitor log with multiple rules

I want to monitor all log of a web server with one logstash.but this log has multiple rules.
Now I use the ruby plug-in to match different log rules and output json.Then the json goes into elasticSearch,because of the json has multiple rules,so i don't konw how to mapper field into elasticSearch,how can i deal with it? thank you!

What do you mean by rules? If you can show us sample data and configuration rather than try to explain it, it will probably be a lot easier for someone to understand and help.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.