Hello,
With the upgrade to version 7.0.0, many fields have been changed for beats agent.
My template have been updated regarding those changes, however I have a problem with my logstash filters.
I created those filters based on the following documentation.
However, in the current documentation, fields have not been updated yet and still uses old fields.
This highlighted the fact that logstash filters can become difficult to maintain for me.
My first question is:
Q1: Is there a way to create logstash filters based on beats fields.yml so that logs can be easily parsed?
There is currently the following script that convert ingest nodes configuration to logstash configuration, but it doesn't seem to work with fields.yml files.
My second question is regarding template management with logstash.
Q2: Is there a way to manage beats template (that is to say with the fields.yml file) directly from logstash using the manage_template option as it seems it only recognize template in json format ?
Thanks