When Filebeat collects system logs and the logs of different applications, ships them to Logstash, and Logstash hands them to Elasticsearch, how do you distinguish the different log sources?
1. In filebeat.yml, modules are not enabled; all logs are shipped using inputs configured in the following way:
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/logstash/logstash-plain.log
  fields:
    log_source: logstash
  fields_under_root: true
  multiline.pattern: '^\d{4}-\d{1,2}-\d{1,2}'
  multiline.negate: true
  multiline.match: after
  scan_frequency: 5s
  close_inactive: 1h
  ignore_older: 24h
2. In the *.conf files under Logstash's conf.d/ directory, write events to different indexes according to the value of log_source. More specific parameters can also be added, and filter conditions can also be set.
output {
  if [log_source] == "logstash" {
    elasticsearch {
      hosts => ["http://localhost:9200"]
      index => "logstash-%{+YYYY.MM.dd}"
      #user => "elastic"
      #password => "changeme"
    }
  }
}
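
As an added example (not part of the original post), this Python model reproduces the two configurations above offline: how the multiline options group continuation lines into one event, and which index the output conditional selects for a given log_source. The sample lines, the function names, the day argument (standing in for the event's @timestamp) and the nginx value are assumptions made for illustration.

```python
import re
from datetime import date

# Values copied from the filebeat.yml input above.
MULTILINE_PATTERN = re.compile(r"^\d{4}-\d{1,2}-\d{1,2}")
FIELDS = {"log_source": "logstash"}

def group_multiline(lines):
    """Model multiline.negate: true + multiline.match: after.

    A line matching the pattern starts a new event; every other line is
    appended to the event in progress.
    """
    events, current = [], []
    for line in lines:
        if MULTILINE_PATTERN.match(line) and current:
            events.append("\n".join(current))
            current = []
        current.append(line)
    if current:
        events.append("\n".join(current))
    return events

def to_events(lines, fields=FIELDS):
    """fields_under_root: true puts log_source at the top level of the event."""
    return [{"message": m, **fields} for m in group_multiline(lines)]

def route(event, day):
    """Model the Logstash output conditional: only log_source == "logstash"
    reaches Elasticsearch; any other value matches no output block."""
    if event.get("log_source") == "logstash":
        return f"logstash-{day:%Y.%m.%d}"
    return None

# Constructed sample lines (not from a real system).
SAMPLE = [
    "2024-05-01 10:00:00 ERROR pipeline failed",
    "java.lang.IllegalStateException: boom",
    "    at org.example.Worker.run(Worker.java:42)",
    "2024-05-01 10:00:01 INFO pipeline restarted",
]

if __name__ == "__main__":
    for ev in to_events(SAMPLE):
        print(route(ev, date(2024, 5, 1)), repr(ev["message"]))
    # Hypothetical second source with no matching output block.
    print(route({"message": "x", "log_source": "nginx"}, date(2024, 5, 1)))
```

Because the output block has no else branch, an event whose log_source is anything other than logstash is written to no index, which is the case route reports as None.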