Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
706 views
in Technique[技术] by (71.8m points)

elasticsearch - How to create multiple indexes in logstash.conf file?

I used the following piece of code to create an index in logstash.conf

output {  
    stdout {codec => rubydebug}  
    elasticsearch {  
        host => "localhost"  
        protocol => "http"  
        index => "trial_indexer"   
    }
} 

To create another index i generally replace the index name with another in the above code. Is there any way of creating many indexes in the same file? I'm new to ELK.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

You can use a pattern in your index name based on the value of one of your fields. Here we use the value of the type field in order to name the index:

output {  
    stdout {codec => rubydebug}  
    elasticsearch {  
        host => "localhost"  
        protocol => "http"  
        index => "%{type}_indexer"   
    }
} 

You can also use several elasticsearch outputs either to the same ES host or to different ES hosts:

output {  
    stdout {codec => rubydebug}  
    elasticsearch {  
        host => "localhost"  
        protocol => "http"  
        index => "trial_indexer"   
    }
    elasticsearch {  
        host => "localhost"  
        protocol => "http"  
        index => "movie_indexer"   
    }
} 

Or maybe you want to route your documents to different indices based on some variable:

output {  
    stdout {codec => rubydebug}
    if [type] == "trial" {
        elasticsearch {  
            host => "localhost"  
            protocol => "http"  
            index => "trial_indexer"   
        }
    } else {
        elasticsearch {  
            host => "localhost"  
            protocol => "http"  
            index => "movie_indexer"   
        }
    }
} 

UPDATE

The syntax has changed a little bit in Logstash 2 and 5:

output {  
    stdout {codec => rubydebug}
    if [type] == "trial" {
        elasticsearch {  
            hosts => "localhost:9200"  
            index => "trial_indexer"   
        }
    } else {
        elasticsearch {  
            hosts => "localhost:9200"  
            index => "movie_indexer"   
        }
    }
} 

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...