Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
vlarkanov2018-10-25 15:23:28
linux
vlarkanov, 2018-10-25 15:23:28

Logstash: how to create one index per host?

Hello! They come from Filebeat, then Logstash passes them to Elasticsearch. Now a new index is created every day:

input {
beats {
port => 5044
}
}
filter {
date {
match => [ "logdate", "ISO8601" ]
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
# document_type => "%{[@metadata][type]}"
# document_type => "doc"
document_type = > "log"
}
}

This is inconvenient + a large number of indexes has a bad effect on performance.
How to make it so that for each hostname there is a separate index? There are few monitored servers, there will not be a large number of indexes, and it will become more convenient to manage.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
Softer, 2018-10-25
@Softer

Probably something like this:
index => "%{host}"

Similar questions
K
khataev2014-08-03 22:45:16
What is missing to display an image as the background of an html page? 4Reply
S
Stanislav Oskolkov2016-08-28 17:59:46
OpenWRT - Domain filtering / WhiteList with a web interface. Whether there is a? 2Reply
A
Anton Sashnin2016-09-03 12:17:12
Question about IIS on Windows Server 2012 R2. How to close CNA browser? 2Reply
I
ivprokofyev2020-10-25 11:38:30
Why feeds query performance to PostgreSQL? 6Reply
G
German2019-01-13 19:06:09
make error, dnet.h not found? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question