Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
vlarkanov2018-10-25 15:23:28
linux
vlarkanov, 2018-10-25 15:23:28

Logstash: how to create one index per host?

Hello! They come from Filebeat, then Logstash passes them to Elasticsearch. Now a new index is created every day:

input {
beats {
port => 5044
}
}
filter {
date {
match => [ "logdate", "ISO8601" ]
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
# document_type => "%{[@metadata][type]}"
# document_type => "doc"
document_type = > "log"
}
}

This is inconvenient + a large number of indexes has a bad effect on performance.
How to make it so that for each hostname there is a separate index? There are few monitored servers, there will not be a large number of indexes, and it will become more convenient to manage.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
Softer, 2018-10-25
@Softer

Probably something like this:
index => "%{host}"

Similar questions
D
DVoropaev2019-06-19 13:12:01
How to send an e-mail message about fallen services? 7Reply
D
DTX2017-01-25 14:08:39
What does the entry >> 2>&1 mean? 2Reply
S
Sergey2019-06-19 21:28:56
How to understand or display processes that are in sleep status? 1Reply
P
Printip2017-01-26 02:25:26
How to run .sh script as root while under another user in one line? 2Reply
A
Athanasius Sidorov2021-02-04 23:51:47
Low-level disk formatting in Linux? 7Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question