How to include a server identifier in nxlog output and reference it in logstash

Question

If I have nxlog running on multiple IIS servers (say web1, web2, web3, web4). How can I add an identifier to the nxlog output which is being sent to logstash.

Then within logstash I want to create a custom index with the server identifier (ex %{server_id})

output { 
    elasticsearch_http { 
        host => "localhost" 
        port => 9200
        index => "%{server_id}-logstash-%{+YYYY.MM.dd}"
    }
}

I would suggest that you put all similar nodes into the same index. It will make it easier for you in Kibana. You can always put a Filter on to select a single. Otherwise, you would have to make sure you add all of the index patterns (web1-*, web2-* etc) to Kibana's configured list of indexes. — Cameron Kerr, Apr 22 '15 at 11:55
I suggest that you ship the logs as JSON from NXLOG to Logstash, and try and standardise on JSON (where possible) as the preferred injestion format for entrance into Logstash. It gives you a cleaner way to add useful information from the client without adding complexity on the server-side. — Cameron Kerr, Apr 22 '15 at 11:59

score 1 · Answer 1 · answered Oct 08 '14 at 18:32

1

In the Output element you are using to send to logstash, add:

   Exec $Hostname = '<ServerHostname>';

answered Oct 08 '14 at 18:32

Sean Summers

199
1
4

But you'll want to do that _before_ converting the output to JSON (if you go that route). – Cameron Kerr Apr 22 '15 at 11:59

How to include a server identifier in nxlog output and reference it in logstash

1 Answers1