
I'm a new user of Logstash and Kibana. I am trying to view my logs in Kibana separated depending on their folder. I run the Logstash service with my pipeline as below:

input {
  file {
    type => "STAGE-LOG-ADMIN"
    path => "C:\Users\elkstask-master\stage-logs\admin/*.log"
    tags => ["ADMIN"]
  }
  file {
    type => "STAGE-LOG-MS02"
    path => "C:\Users\elkstask-master\stage-logs\ms02/*.log"
    tags => ["MS02"]
  }
  file {
    type => "custom"
    path => "C:\Users\elkstask-master/*.log"
    tags => ["custom"]
  }
}

output {
  if "ADMIN" in [tags] {
    elasticsearch {
      hosts => "localhost:9200"
      index => "ADMIN"
      document_type => "ADMIN-%{+YYYY.MM.dd}"
    }
  }
  if "MS02" in [tags] {
    elasticsearch {
      hosts => "localhost:9200"
      index => "MS02"
      document_type => "MS02-%{+YYYY.MM.dd}"
    }
  }
  if "custom" in [tags] {
    elasticsearch {
      hosts => "localhost:9200"
      index => "custom"
      document_type => "custom-%{+YYYY.MM.dd}"
    }
  }
}

But the output in Kibana shows all my logs. How do I show them separated by folder?

Ayman Ali
  • Why don't you just use the type to filter in the if statement? Check this suggested solution: https://stackoverflow.com/a/27147688/8214868. In addition, using an if-else statement would avoid some unnecessary checks. – Drubio Mar 04 '19 at 12:19
  • I have tried it but it doesn't work, and Kibana couldn't see my index. Actually, I don't know why. – Ayman Ali Mar 04 '19 at 14:09
  • What do you mean by the "output in Kibana"? Do you mean in "Discover"? If yes, what index filter do you have? Is it some visualization? Or is it all loaded into one index? Can you check what GET _cat/indices?v&s=index returns in "Dev Tools"? – mihomir Mar 06 '19 at 08:17
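
The if / else if routing on type that the first comment suggests, written out as an added example that is not from the question or its comments. The lowercase, date-suffixed index names are assumptions (Elasticsearch rejects index names that contain uppercase letters), and the "unrouted" index for unmatched events is hypothetical.

```logstash
output {
  # Route on the type set by each file input. The first matching branch
  # wins, so an event is not tested against the remaining conditions.
  if [type] == "STAGE-LOG-ADMIN" {
    elasticsearch {
      hosts => "localhost:9200"
      index => "admin-%{+YYYY.MM.dd}"      # assumed name: lowercase, one index per day
    }
  } else if [type] == "STAGE-LOG-MS02" {
    elasticsearch {
      hosts => "localhost:9200"
      index => "ms02-%{+YYYY.MM.dd}"       # assumed name
    }
  } else if [type] == "custom" {
    elasticsearch {
      hosts => "localhost:9200"
      index => "custom-%{+YYYY.MM.dd}"     # assumed name
    }
  } else {
    # Events with no recognised type go to their own index (hypothetical name)
    # so a routing mistake is visible instead of mixing into another folder's data.
    elasticsearch {
      hosts => "localhost:9200"
      index => "unrouted-%{+YYYY.MM.dd}"
    }
  }
}
```

With this layout each folder is viewed in Kibana through its own index pattern (admin-*, ms02-*, custom-*), and the GET _cat/indices?v&s=index request from the last comment shows whether the three index families were actually created.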

0 Answers