Best practices for logstash/beat configs when porting rules to elastic from legacy NMS

I'm brand new to elastic, and contemplating a POC for offloading to and/or full replacement of our legacy NMS systems. This could mean porting 100,000s or even millions of lines of legacy code to logstash filters.

For example, with SNMP, can the filters that tokenize traps from 1000s (or more) separate enterprises be contained in individual files and, in some way, included? Or would this require all filter logic in one massive file? Also, what best practices, if any, exist for designing the aforementioned SNMP example?

Thanks in advance,

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.