Hi ,
Recently we have configured the ELK cluster but when i start the collecting logs through logstash from three log sources like firewall, cisco router and windows server, i can see that that firewall logs ingested to both cisco router index, windows server index and also firewall index . The same thing has happen with cisco router and windows server. So, can i request anyone who can help me out of this situation.
Regards
Anirban
I would guess that you are using Logstash and have multiple configuration files. Be aware that Logstash by default merges all files into a single pipeline and that data from all input will go to all outputs unless you control the flow using conditionals or define separate pipelines in pipelines.yml.
Thanks a lot Christian, you are correct and let me try with defining different pipeline in the pipeline.yml file
Thanks a lot Christian, you are correct and let me try with defining different pipeline .
Thanks my issue has been resolved, after doing some modification in logstash.yml file because it is ignoring the pipeline.yml file
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.