Question

I want to index my logs with logstash and elasticsearch.

Here is my problem:
I have two environments:

  1. production (prod)
  2. user acceptance (uat)

I'd like to store my logs using one cluster of elasticsearch. How can I separate these two groups of logs?

For example, if I open the logstash web ui on port 9092 (for example), I want to be able to look up logs from my prod environment, and if I open the logstash web ui on port 9093 (for example), I want to be able to look up logs from my uat environment.

Can you please give me advice on how I can implement this?


Solution 2

Apply custom tags to the logs as they are put into elasticsearch via grok. Then from your web ui, you can simply filter on those tags to only display logs with those tags.

OTHER TIPS

The easiest way to cluster logs is to append a tag with each log, whether it belongs to the production unit or the user acceptance unit.

You can do it in logstash by:

add_tag=>["production/useracceptance"] based on the type of regular expression it satisfies.
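The tagging approach from the answers above, written out as a full pipeline. This is an added example, not part of the original answers. The log directories, the `env_unknown` tag and the Elasticsearch address are assumptions chosen for illustration, and the pipeline assumes the file input stores the source file name in the `path` field (legacy, non-ECS field naming).

```logstash
input {
  file {
    # Hypothetical log locations, one directory per environment
    path => ["/var/log/myapp/prod/*.log", "/var/log/myapp/uat/*.log"]
  }
}

filter {
  # add_tag is applied only when the grok pattern matches,
  # so each event is tagged by the regular expression its source path satisfies.
  grok {
    match => { "path" => "/var/log/myapp/prod/" }
    add_tag => ["production"]
    tag_on_failure => []   # a non-match here is expected, do not flag it
  }
  grok {
    match => { "path" => "/var/log/myapp/uat/" }
    add_tag => ["useracceptance"]
    tag_on_failure => []
  }

  # Make untagged events visible instead of letting them blend into either view
  if "production" not in [tags] and "useracceptance" not in [tags] {
    mutate { add_tag => ["env_unknown"] }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]   # assumed address of the shared cluster
  }
}
```

In the web UI, the query `tags:production` or `tags:useracceptance` then restricts the view to one environment. The tags only label events: both environments still share the same indices, so anyone who can query them can read both sets of logs.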

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow