Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to create multiple indexes in logstash.conf file?

Tags:

elasticsearch

logstash

kibana

I used the following piece of code to create an index in logstash.conf

output {  
    stdout {codec => rubydebug}  
    elasticsearch {  
        host => "localhost"  
        protocol => "http"  
        index => "trial_indexer"   
    }
}

To create another index i generally replace the index name with another in the above code. Is there any way of creating many indexes in the same file? I'm new to ELK.

like image 713
kavya Avatar asked Nov 20 '15 06:11

kavya

People also ask

How do you create multiple indices in Elasticsearch?

Elasticsearch provides bulk api but it only supports index , create , delete and update operations over already created indexes. We cannot create multiple new indexes at once.

Can Elasticsearch have multiple indexes?

Elasticsearch features a powerful scale-out architecture based on a feature called Sharding. As document volumes grow for a given index, users can add more shards without changing their applications for the most part. Another option available to users is the use of multiple indexes.

How do I run multiple Logstash config files?

You either want something similar to what @ITIC suggested, or you simply want to run the logstash instance once and have all your conf files be run. And then simply run logstash without any additional option (like bin/logstash from the logstash directory). It'll run all the pipelines specified in the pipelines.

1 Answers

You can use a pattern in your index name based on the value of one of your fields. Here we use the value of the type field in order to name the index:

output {  
    stdout {codec => rubydebug}  
    elasticsearch {  
        host => "localhost"  
        protocol => "http"  
        index => "%{type}_indexer"   
    }
}

You can also use several elasticsearch outputs either to the same ES host or to different ES hosts:

output {  
    stdout {codec => rubydebug}  
    elasticsearch {  
        host => "localhost"  
        protocol => "http"  
        index => "trial_indexer"   
    }
    elasticsearch {  
        host => "localhost"  
        protocol => "http"  
        index => "movie_indexer"   
    }
}

Or maybe you want to route your documents to different indices based on some variable:

output {  
    stdout {codec => rubydebug}
    if [type] == "trial" {
        elasticsearch {  
            host => "localhost"  
            protocol => "http"  
            index => "trial_indexer"   
        }
    } else {
        elasticsearch {  
            host => "localhost"  
            protocol => "http"  
            index => "movie_indexer"   
        }
    }
}

UPDATE

The syntax has changed a little bit in Logstash 2 and 5:

output {  
    stdout {codec => rubydebug}
    if [type] == "trial" {
        elasticsearch {  
            hosts => "localhost:9200"  
            index => "trial_indexer"   
        }
    } else {
        elasticsearch {  
            hosts => "localhost:9200"  
            index => "movie_indexer"   
        }
    }
}
like image 82
Val Avatar answered Oct 22 '22 13:10

Val
Sign in to Comment

Related questions

Laravel 5.2 validation errors
Runtime of python's if substring in string
Transition UIButton image from one image to another
TensorFlow: Opening log data written by SummaryWriter
Display content under toolbar
Efficiency of services like Cloudinary, Imgix
Implement Hashmap with different value types in Kotlin
Socket.io emit on Express Route
Intersection of two lists including duplicates?
Sort version-dotted number strings in Javascript?
Extract numbers from a field in PostgreSQL
How to create an application-specific config file for TypeScript?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!