Shawn Sim
Reputation: 555
One Logstash to Multiple Elasticsearch Indexes with CertainFields
I intend to have one logstash to parse 5 fields and send only certain fields to certain indexes.
Example Field 01 Field 02 Field 03 Field 04 Field 05
index-a Field 01 Field 02 Field 03
index-b Field 01 Field 04 Field 05
Can this be done with just one logstash script?
Upvotes: 0
Views: 175
Answers (1)
sysadmin1138
Reputation: 1303
You're looking for the clone filter. This allows you to duplicate events and tag them differently, allowing different filter and output stages later on.
if [type] == 'cloneable' {
clone {
clones => [ 'squarefile', 'roundfile' ]
}
}
For events that pass the conditional, they will be cloned into new events with the types squarefile and roundfile. Later filter {} and output {} blocks can affect them separately.
Upvotes: 3
Related Questions
- Logstash with Elasticsearch
- Index document to multiple indicies at once from logstash
- Logstash content based filtering, into multiple indexs
- Logstash - specify more than one pipeline
- Indexing multiple indexes in elastic search at the same time
- Logstash output different fields to different elastic search indices
- logstash output to elasticsearch index and mapping
- Combining log entries with logstash
- separate indexes on logstash
- Make logstash add different inputs to different indices