
How to handle multiple heterogeneous inputs with Logstash?


Should I run as many instances as I have different types of logs?

No! You can only run one instance to handle different types of logs.

In the Logstash configuration file, you can specify each input with a different type. Then in the filter you can use "if" to distinguish the different processing, and at the output you can also use "if" to output to different destinations.

    input {
        file {
            type => "technical"
            path => "/home/technical/log"
        }
        file {
            type => "business"
            path => "/home/business/log"
        }
    }
    filter {
        if [type] == "technical" {
            # processing .......
        }
        if [type] == "business" {
            # processing .......
        }
    }
    output {
        if [type] == "technical" {
            # output to gelf
        }
        if [type] == "business" {
            # output to elasticsearch
        }
    }

Hope this can help you :)
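
An added example, not part of the answer above: the same two inputs with the "# processing" and "# output" placeholders filled in, plus a catch-all output so an event whose type matches neither branch is not lost silently. The input paths and types are the answer's; the log line formats, the grok pattern, both hostnames and the fallback file path are assumptions.

```logstash
input {
  file {
    type => "technical"
    path => "/home/technical/log"
  }
  file {
    type => "business"
    path => "/home/business/log"
  }
}
filter {
  if [type] == "technical" {
    # Assumed line format: "<ISO8601 timestamp> <LEVEL> <text>"
    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:ts} %{LOGLEVEL:level} %{GREEDYDATA:msg}" }
    }
    date { match => ["ts", "ISO8601"] }
  } else if [type] == "business" {
    # Assumed: one JSON object per line. Parsed under [business] so a "type"
    # key inside the payload cannot overwrite the [type] used for routing.
    json {
      source => "message"
      target => "business"
    }
  }
}
output {
  if [type] == "technical" {
    # Placeholder host
    gelf { host => "graylog.example.internal" }
  } else if [type] == "business" {
    elasticsearch {
      # Placeholder host
      hosts => ["es.example.internal:9200"]
      index => "business-%{+YYYY.MM.dd}"
    }
  } else {
    # Events that matched neither branch are kept for review instead of vanishing
    file { path => "/var/log/logstash/unrouted-%{+YYYY-MM-dd}.log" }
  }
}
```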


I used tags for multiple file input:

    input {
        file {
            type => "java"
            path => "/usr/aaa/logs/stdout.log"
            codec => multiline {
                ...
            }
            # tags are used below to route events per source file
            tags => ["aaa"]
        }
        file {
            type => "java"
            path => "/usr/bbb/logs/stdout.log"
            codec => multiline {
                ...
            }
            tags => ["bbb"]
        }
    }
    output {
        # every event is also printed to stdout
        stdout {
            codec => rubydebug
        }
        if "aaa" in [tags] {
            elasticsearch {
                hosts => ["192.168.100.211:9200"]
                index => "aaa"
                document_type => "aaa-%{+YYYY.MM.dd}"
            }
        }
        if "bbb" in [tags] {
            elasticsearch {
                hosts => ["192.168.100.211:9200"]
                index => "bbb"
                document_type => "bbb-%{+YYYY.MM.dd}"
            }
        }
    }


I think Logstash can't read more than 2 files in the input section. Try the below:

    input {
        file {
            type => "technical"
            path => "/home/technical/log"
        }
        file {
            type => "business"
            path => "/home/business/log"
        }
        file {
            type => "business1"
            path => "/home/business/log1"
        }
    }