I'm trying to send my Apache access & error logs to Logstash, and found the various resources a bit confusing as it's all a bit new to me; I'd appreciate some clarifications:
Is there a way to use Syslog input plugin directly from Apache (i.e. without a syslog server in between)? If so, how do I configure Apache to send the logs to the TCP/UDP ports opened by Logstash?
Is syslog even the best option in this case? I want to use containers, so I was wondering if using file input (or any other input plugin) might be better? We need to use Grok, if it makes a difference.