Logstash: How to have two elasticsearch outputs for same input?

Asked Jan 15 '20 at 11:45

Active Jan 15 '20 at 11:45

Viewed 101 times

I want to output the same logging to two elastic search indecies. I always want the logging to the default (first) output, but I also want it to log to another index if the message type is of foo_message. When we run the following I only get the output to the second index when the type is foo_message and never to the default output.

I have seen other answers that do a similar thing, for example the answer to this thread.

What am I doing wrong? I am using Logstash&Elasticsearch v6.7.0

output {
    stdout { codec => rubydebug } 

    elasticsearch {
        hosts => ["127.0.0.1:9200"]
        index => "%{[@metadata][es.indexname]}-%{+YYYY.MM.dd}"
    }

    if [@metadata][message_type] == "foo_message" {
        elasticsearch {
            hosts => ["127.0.0.1:9200"]
            index => "%{[@metadata][es.indexname.foo]}-%{+YYYY.MM.dd}"
        }   
    }
}

asked Jan 15 '20 at 11:45

Freece

2

Can you add `--debug` when running Logstash so that we can see what's happening in the log? – Val Jan 15 '20 at 12:07
I will try that thank you. – Freece Jan 16 '20 at 07:12

Logstash: How to have two elasticsearch outputs for same input?

0 Answers0