Hi, We are currently working with the ELK stack and decided to give Graylog2 a try (kibana doesn't fit our needs). So far, everything was working good, but we are having trouble "separating" data received from Logstash.
With elasticsearch we were storing different type of logs in different indexes using some metadata: *index => "%{type}-%{+YYYY.MM.dd}"* I think the correct way of doing this is using Graylog's inputs (correct me if I'm wrong), so I would like to know if there is a way of having a single gelf output in Logstash but multiple inputs in Graylog. Or what would be the best solution to do this the "Graylog way". So far we have managed make it work using different ports, but I'm not sure if its the best way of doing this: output { if [type] == "application-log" { gelf { host => "localhost" port => 12201 } } if [type] == "tomcat-access-log" { gelf { host => "localhost" port => 12202 } } } Thanks in advance. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/7778fdb3-5043-4436-a529-805fec1a71f6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.