英文:
How to differentiate file and udp in Logstash output section?
问题
I'm new to Elasticsearch and Logstash.
在Logstash配置文件中,如果我同时将“file”和“udp”作为输入的源,如何在输出中区分它们?
例如:
input {
file {
path => ["/sample/data.log"]
}
udp {
port => 9999
}
}
如何编写输出部分以区分它们,以便将它们保存到Elasticsearch的两个不同索引中?
英文:
I'm new to Elasticsearch and Logstash.
In the Logstash conf file, if I have both "file" and "udp" as the source of the input, how do I differentiate them in the output?
For example:
input {
file {
path => ["/sample/data.log"]
}
udp {
port => 9999
}
}
How do I write the output part to differentiate them so I can save them in two different indices of Elasticsearch?
答案1
得分: 1
You can simply tag each document coming in from each input
input {
file {
path => ["/sample/data.log"]
tags => ["file"]
}
udp {
port => 9999
tags => ["udp"]
}
}
output {
if "file" in [tags] {
elasticsearch {
index => "file-index"
...
}
}
else if "udp" in [tags] {
elasticsearch {
index => "udp-index"
...
}
}
}
英文:
You can simply tag each document coming in from each input
input {
file {
path => ["/sample/data.log"]
tags => ["file"]
}
udp {
port => 9999
tags => ["udp"]
}
}
output {
if "file" in [tags] {
elasticsearch {
index => "file-index"
...
}
}
else if "udp" in [tags] {
elasticsearch {
index => "udp-index"
...
}
}
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论