问题描述
我使用以下代码在logstash.conf中创建索引
I used the following piece of code to create an index in logstash.conf
output {
stdout {codec => rubydebug}
elasticsearch {
host => "localhost"
protocol => "http"
index => "trial_indexer"
}
}
要创建另一个索引,我通常将索引名称与上述代码中的另一个。有没有办法在同一个文件中创建许多索引?我是ELK的新人。
To create another index i generally replace the index name with another in the above code. Is there any way of creating many indexes in the same file? I'm new to ELK.
推荐答案
您可以根据您的一个字段的值在索引名称中使用模式。这里我们使用类型字段的值来命名索引:
You can use a pattern in your index name based on the value of one of your fields. Here we use the value of the type field in order to name the index:
output {
stdout {codec => rubydebug}
elasticsearch {
host => "localhost"
protocol => "http"
index => "%{type}_indexer"
}
}
您还可以使用几个 elasticsearch 输出到同一个ES主机或不同的ES主机:
You can also use several elasticsearch outputs either to the same ES host or to different ES hosts:
output {
stdout {codec => rubydebug}
elasticsearch {
host => "localhost"
protocol => "http"
index => "trial_indexer"
}
elasticsearch {
host => "localhost"
protocol => "http"
index => "movie_indexer"
}
}
或者也许你要路由你的文件基于一些变量的不同索引:
Or maybe you want to route your documents to different indices based on some variable:
output {
stdout {codec => rubydebug}
if [type] == "trial" {
elasticsearch {
host => "localhost"
protocol => "http"
index => "trial_indexer"
}
} else {
elasticsearch {
host => "localhost"
protocol => "http"
index => "movie_indexer"
}
}
}
更新
Logstash 2和5中的语法有所改变:
The syntax has changed a little bit in Logstash 2 and 5:
output {
stdout {codec => rubydebug}
if [type] == "trial" {
elasticsearch {
hosts => "localhost:9200"
index => "trial_indexer"
}
} else {
elasticsearch {
hosts => "localhost:9200"
index => "movie_indexer"
}
}
}
这篇关于如何在logstash.conf文件中创建多个索引?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!