Actually, my whole log file is in JSON format, and I don't use any grok. I just log it into the file, and Logstash gets the JSON and sends it to Elasticsearch, indexing everything. In this case, what do you think I could do?
On Sunday, 22 March 2015 19:40:07 UTC-3, Mark Walkom wrote:
>
> If you are using LS to parse things then you probably want to define your
> values - ie string, int - in a grok, then output them into different
> indices. This will keep them separate. You can then also add a mapping to
> further enhance things.
>
> In your case it makes sense to just have a forwarder send to a central LS
> instance where the processing is done.
>
> On 22 March 2015 at 14:15, Gabriel Francisco <[email protected]> wrote:
>
>> Hi, I have some plans about using Logstash + Elasticsearch + Kibana at my
>> company, and I have some questions.
>>
>> First of all, if I want to use a central elasticsearch cluster for
>> several application logs, is there a way to define a schema per
>> application? I mean, if one app uses an index typed as String and another
>> app uses the same index as a number, that could be a problem, is that
>> right? Is there a way to handle it?
>>
>> Second, we are planning to use one logstash and several logstash
>> forwarders, but, if the applications had different filters, is it a problem
>> to have a central logstash to handle all the logs and send to
>> elasticsearch? Should we use one logstash per application?
>>
>> Waiting for an answer, thanks in advance!
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "elasticsearch" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/elasticsearch/24343b9e-b40b-4816-9f8a-9c76999233f9%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
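Added example, not part of the thread: a pre-flight check for the type clash raised in the quoted question, run over JSON log lines before several applications share one index. It assumes each document names its application in an `app` field (a hypothetical field name); the sample lines are constructed.

```python
import json
from collections import defaultdict

# Constructed sample: one JSON document per line, as each application logs it.
SAMPLE_LINES = [
    '{"app": "billing", "status": 200, "user": "alice", "duration": 12.5}',
    '{"app": "billing", "status": 404, "user": "bob", "duration": 3}',
    '{"app": "auth", "status": "denied", "user": "carol", "ctx": {"ip": "10.0.0.5"}}',
    '{"app": "auth", "status": "ok", "user": "dave", "ctx": {"ip": "10.0.0.9"}}',
    'not json at all',
]

def json_type(value):
    """Coarse JSON type of a value; None means 'no type information'."""
    if isinstance(value, bool):          # bool first: bool is a subclass of int
        return "boolean"
    if isinstance(value, (int, float)):
        return "number"
    if isinstance(value, str):
        return "string"
    if isinstance(value, dict):
        return "object"
    if isinstance(value, list):          # an array takes the type of its elements
        return json_type(value[0]) if value else None
    return None                          # JSON null

def field_types(doc, prefix=""):
    """Yield (dotted.path, type) for every field, descending into objects."""
    for key, value in doc.items():
        kind = json_type(value)
        if kind is not None:
            yield prefix + key, kind
        if isinstance(value, dict):
            yield from field_types(value, prefix + key + ".")

def find_conflicts(lines, app_field="app"):
    """Return ({field: {type: [apps]}}, skipped) for fields seen with >1 type."""
    seen = defaultdict(lambda: defaultdict(set))
    skipped = 0
    for line in lines:
        try:
            doc = json.loads(line)
        except ValueError:               # malformed line: count it, keep going
            doc = None
        if not isinstance(doc, dict):
            skipped += 1
            continue
        app = str(doc.get(app_field, "unknown"))
        for path, kind in field_types(doc):
            seen[path][kind].add(app)
    conflicts = {f: {k: sorted(a) for k, a in kinds.items()}
                 for f, kinds in seen.items() if len(kinds) > 1}
    return conflicts, skipped

if __name__ == "__main__":
    print(find_conflicts(SAMPLE_LINES))
```

Any field it reports is one where the listed applications would need separate indices or an explicit mapping, as the quoted reply suggests.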
