Generating different indices depending on the log source

Filebeat collects system logs and the logs of different applications and ships them to Logstash, which then hands them over to Elasticsearch. How can the different log sources be told apart?

  1. In the filebeat.yml configuration file, do not enable modules; collect every log with an input of the following form:
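filebeat.inputs:

- type: log
  enabled: true
  paths:
    - /var/log/logstash/logstash-plain.log

  # Custom field that tags every event from this input with its source
  fields:
    log_source: logstash
  # Place log_source at the top level of the event instead of under "fields"
  fields_under_root: true

  # Lines that do not start with a date are appended to the preceding line
  multiline.pattern: ^\d{4}-\d{1,2}-\d{1,2}
  multiline.negate: true
  multiline.match: after

  scan_frequency: 5s
  close_inactive: 1h
  ignore_older: 24h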

  2. In the conf.d/*.conf configuration file under the logstash directory, generate a different index for each value of log_source.
More specific parameters can be added, and filter conditions can also be set.

output {

  if [log_source] == "logstash" {
    elasticsearch {
      hosts => ["http://localhost:9200"]
      index => "logstash-%{+YYYY.MM.dd}"
      #user => "elastic"
      #password => "changeme"
    }
  }
}
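
An added example, not from the original post: the same output block extended to more than one source, where the second source name `nginx` and the catch-all index name `unrouted-*` are assumptions made for illustration. The allowlist keeps an unexpected log_source value from choosing the index name, and the else branch keeps untagged events from matching no output and being lost.

```logstash
output {
  # Only allowlisted tags may be interpolated into the index name.
  # "nginx" is a hypothetical second Filebeat input tagged the same way
  # as the logstash input shown in filebeat.yml.
  if [log_source] in ["logstash", "nginx"] {
    elasticsearch {
      hosts => ["http://localhost:9200"]
      # Yields logstash-YYYY.MM.dd or nginx-YYYY.MM.dd
      index => "%{log_source}-%{+YYYY.MM.dd}"
    }
  } else {
    # Events with a missing or unknown log_source would otherwise match
    # no output at all. Keep them in a catch-all index (name is an
    # assumption) so that gaps in tagging are visible.
    elasticsearch {
      hosts => ["http://localhost:9200"]
      index => "unrouted-%{+YYYY.MM.dd}"
    }
  }
}
```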

Origin www.cnblogs.com/sanduzxcvbnm/p/11416164.html