How to send logs from specific source to specific index

I’m trying to send logs from specific source to specific index.
So in logstash.conf i did the following:

input {                                                                                                                                                                             
 gelf {                                                                                                                                                                             
    port => 12201                                                                                                                                                                   
#    type => docker                                                                                                                                                                 
    use_tcp => true                                                                                                                                                                 
    tags => ["docker"]                                                                                                                                                              

filter {
if "test_host" in [_source][host] {                                                                                                                                              
   mutate { add_tag => "test_host"}                                                                                                                                              

output {
   if "test_host" in [tags] {                                                                                                                                               
   stdout { }                                                                                                                                                                       
   opensearch {                                                                                                                                                                     
    hosts => ["https://opensearch:9200"]                                                                                                                                      
    index => "my_host_index"                                                                                                                                                              
    user => "administrator"                                                                                                                                                                 
    password => "some_password"                                                                                                                                                     
    ssl => true                                                                                                                                                                     
    ssl_certificate_verification => false                                                                                                                                           

But unfortunately it’s not working.
What am i doing wrong?


Hi @AndreyB - is there any output from Logstash that you could share here? The configuration looks syntactically correct to me, perhaps we could deduce a bit from the behavior.

Are events from the gelf plugin at least making it to STDOUT? Or do they not even make it to the output stanza? If its the latter, I suspect the if conditional might not be correct.

Share with us what you can for a bit more clarification - I’d love to help out here.