How Can I Change The Index Names From Logstash-*

Source: logit.io

How Can I Change The Index Names From Logstash-*

Category: Data

October 12th 2020Getting Started 2 min read Tip: To edit your Logstash filters for any Stack choose View Stack Settings > Logstash Pipelines from your Dashboard. If your sending your data via an Elastic beat such as Filebeat your condition should be: mutate { replace => {"[@metadata][beat]" => “YOURINDEXNAME” }}

if[FIELD] == "CONDITION"{ mutate { add_field => {"[@metadata][beat]" => "YOURINDEXNAME"} }}

So if you wanted to have your IIS logs in their own index you could add: if[type] == "iis"{ mutate { add_field => {"[@metadata][beat]" => "iis"} }}
Read Full Article On logit.io
Shirts painstakingly handcrafted by under-caffeinated developers.

Related Articles

Analytics will be available on TFS 2019 RC1 – Want to help us test it? – Microsoft DevOps Blog
Analytics will be available on TFS 2019 RC1 – Want to help us test it? – Microsoft DevOps Blog
Splunk Aims to Trigger DevOps Processes
Splunk Aims to Trigger DevOps Processes
Security Ratings Explained
Security Ratings Explained
Community Partners
CrowdSec
Autonomous.ai | Best Standing Desks & Ergonomic Office Chairs

Mailjet

Namecheap

Become a Partner?
DevOps Careers
    • Add a Job?