output { #Ciso ASA if [type] == "cisco-fw" { elasticsearch { h

1. output {
2. #Ciso ASA
3. if [type] == "cisco-fw" {
4. elasticsearch {
5. hosts => ["***.***.***.***"]
6. index => "asa-%{+YYYY.MM.dd}"
7. }
8. }
9.  
10. #filebeat syslog, web-server, and authlog
11. if [type] == "syslog" or "web-server" or "authlog" {
12. elasticsearch {
13. hosts => ["***.***.***.***"]
14. sniffing => true
15. manage_template => false
16. index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
17. document_type => "%{[@metadata][type]}"
18. }
19. }
20. } #end