Hi,
We are currently working with the ELK stack and decided to give Graylog2 a
try (kibana doesn't fit our needs). So far, everything was working good,
but we are having trouble "separating" data received from Logstash.
With elasticsearch we were storing different type of logs in different
indexes using some metadata: *index => "%{type}-%{+YYYY.MM.dd}"*
I think the correct way of doing this is using Graylog's inputs (correct me
if I'm wrong), so I would like to know if there is a way of having a single
gelf output in Logstash but multiple inputs in Graylog. Or what would be
the best solution to do this the "Graylog way".
So far we have managed make it work using different ports, but I'm not sure
if its the best way of doing this:
output {
if [type] == "application-log" {
gelf {
host => "localhost"
port => 12201
}
}
if [type] == "tomcat-access-log" {
gelf {
host => "localhost"
port => 12202
}
}
}
Thanks in advance.
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/7778fdb3-5043-4436-a529-805fec1a71f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
