Hi Jagoba,
unfortunately separating indices by different data types is currently not
possible with Graylog.
We'll tackle this in a future release but for now you're stuck with using
type prefixes directly in the field names.
Cheers,
Jochen
On Thursday, 1 September 2016 13:59:02 UTC+2, Jagoba Gascón wrote:
>
> Hi,
>
> We are currently working with the ELK stack and decided to give Graylog2 a
> try (Kibana doesn't fit our needs). So far, everything was working well,
> but we are having trouble "separating" data received from Logstash.
>
> With Elasticsearch we were storing different types of logs in different
> indexes using some metadata: *index => "%{type}-%{+YYYY.MM.dd}"*
>
> I think the correct way of doing this is using Graylog's inputs (correct
> me if I'm wrong), so I would like to know if there is a way of having a
> single gelf output in Logstash but multiple inputs in Graylog. Or what
> would be the best solution to do this the "Graylog way".
>
> So far we have managed to make it work using different ports, but I'm not
> sure if it's the best way of doing this:
>
> output {
>   if [type] == "application-log" {
>     gelf {
>       host => "localhost"
>       port => 12201
>     }
>   }
>   if [type] == "tomcat-access-log" {
>     gelf {
>       host => "localhost"
>       port => 12202
>     }
>   }
> }
>
> Thanks in advance.
>