Aishwarya

Reputation: 302

Logstash index based on filter

Hi, I am reading stdout and filtering both Apache and application logs using Logstash, as below:

input {
  beats {
    port => 5044
  }
}
filter {
  grok {
   match => { "message" => "%{COMBINEDAPACHELOG}"}
  }
  json {
   source => "message"
  }
}
output { elasticsearch { hosts => "http://elasticsearch-master:9200"} }

These logs are reaching Elasticsearch properly; however, how can I give a separate index in ES for the Apache and application logs in the Logstash output here?

Upvotes: 1

Views: 450

Answers (1)

sudhagar ramesh

Reputation: 124

You can separate those in the input plugin by using "type". You can try the below. Note: assuming that the log is Apache logs.

input {
  beats {
    port => 5044
    # assuming that your log is apache
    type => "apache"
  }
}

filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  json {
    source => "message"
  }
}

output {
  stdout { codec => rubydebug }

  if [type] == "apache" {
    elasticsearch {
      hosts => "http://elasticsearch-master:9200"
      index => "apache_index"
    }
  } else {
    elasticsearch {
      hosts => "http://elasticsearch-master:9200"
      index => "application_index"
    }
  }
}

Keep Posted !!! Thanks !!!

Upvotes: 0
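
An added example, not part of the question or the answer above: one way to choose the index per event from which parser actually succeeded, so Apache access logs and application logs arriving on the same Beats port land in different indices. It assumes the application logs are JSON lines; the `[@metadata][target_index]` field name and the `unparsed_index` name are hypothetical choices made for this example, while `apache_index` and `application_index` are taken from the answer.

```logstash
# Added example: route each event by which parser matched.
input {
  beats {
    port => 5044
  }
}

filter {
  # Try the Apache combined format first. On failure grok keeps the
  # event and adds its default "_grokparsefailure" tag.
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }

  if "_grokparsefailure" in [tags] {
    # Not an Apache line. Assumption: application logs are JSON lines.
    json {
      source => "message"
    }

    if "_jsonparsefailure" in [tags] {
      # Neither parser matched: keep these apart so malformed or
      # unexpected input is visible instead of mixed into either index.
      # "unparsed_index" is a hypothetical name.
      mutate { add_field => { "[@metadata][target_index]" => "unparsed_index" } }
    } else {
      mutate {
        # The grok miss was expected for JSON lines, so drop its tag.
        remove_tag => [ "_grokparsefailure" ]
        add_field  => { "[@metadata][target_index]" => "application_index" }
      }
    }
  } else {
    mutate { add_field => { "[@metadata][target_index]" => "apache_index" } }
  }
}

output {
  elasticsearch {
    hosts => "http://elasticsearch-master:9200"
    # @metadata fields are not written to the stored document.
    index => "%{[@metadata][target_index]}"
  }
}
```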
