How to send logs from multiple servers to ELK server

Asked Jan 27 '21 at 14:37

Active Jan 27 '21 at 14:37

Viewed 630 times

I have a server in which ELK installed, On other end i have 2 source servers which sending logs to ELK server through filebeat. But the issue is both server's logs showing on same page on kibana. which is too complicated to identify which log is coming from which server! How multiple server's logs show separate on kibana.

Following are my logstash.conf:

input {
  beats {
    port => 5044
  }
}

# Used to parse syslog messages and send it to Elasticsearch for storing
filter {
  if [type] == "syslog" {
     grok {
        match => { "message" => "%{SYSLOGLINE}" }
  }
     date {
        match => [ "timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
     }
  }
}
# Specify an Elastisearch instance
output {
  Elasticsearch {
    hosts => ["localhost:9200"]
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
  }
}

asked Jan 27 '21 at 14:37

huzaifa224

Basicly you must have a hostname in field (host.name or something like that depending of your filebeat conf). This field could be use to filter the log by host. – YLR Jan 27 '21 at 15:02
I have putt my Logstash server's IP as a host.name in my filebeat.yml file – huzaifa224 Jan 27 '21 at 15:12

How to send logs from multiple servers to ELK server

0 Answers0