Hello there,
I have question on best practice of logstash, and workspace in kibana.
On my ELK test environment, I have filebeat/nxlog/gelf > logstash > elasticsearch (standard configuration).
-
First, I have a lot of application's logs, and I want send them in each index distinct.
Logstash configuration is a little hard, because if I have a syntax error, or anything else, all logstash crash, so all logs are not collected.
I've think to put a variable in filebeat like index_name, and split all my fields in filebeat, and send them to logstash.
Also, logstash would be very simple, input, and output to es with index = index_name variable.
What do you think about it ? -
Second, I would like to split each applications (log view, and dashboard view, maybe more) in workspaces.
With this, I can create role for production staff to access all workspaces with production applications, and dev role for all workspace dev
In roles, I have to manage workspace, and index rules.
What do you think about it ?
Thanks for your opinion.