Logstash 1.2.1 config
Should add the log events to different Elasticsearch indices based on the logsource field.
output {
  if [fields][logsource] =~ /^foobar/ {
    # only server foobar01 and foobar1338
    elasticsearch {
      host => "<%= elasticsearch_host %>"
      cluster => "my_es_cluster"
      node_name => "logstash@<%= fqdn %>"
      index => "foobar-%{+YYYY.MM.dd}"
    }
  } else {
    # everything else
    elasticsearch {
      host => "<%= elasticsearch_host %>"
      cluster => "my_es_cluster"
      node_name => "logstash@<%= fqdn %>"
      index => "logstash-%{+YYYY.MM.dd}"
    }
  }
}
Link to logstash-user mailing list
https://groups.google.com/forum/#!topic/logstash-users/6Hh8M_RgXgg