I am new to ELK, and I have tried to integrate some sources with ELK. I have integrated 'Microsoft DNS logs' and 'Fortigate' using Logstash config.
My question here is: what is the best practice for Logstash configuration, i.e. to create two separate config files for DNS and Fortigate and others, or one config file for all sources, using a filter to differentiate?
I think https://www.elastic.co/guide/en/logstash/current/multiple-pipelines.html would be the best option.
So according to this link, I should create multiple pipelines with different config files, right?
Yep. You can create a single file, but then you need to manage a tonne of conditionals.
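
The multiple-pipelines layout discussed above, as an added example that is not part of the original thread: a `pipelines.yml` that gives each log source its own isolated pipeline. The pipeline ids and directory paths are assumptions chosen for illustration.

```yaml
# pipelines.yml (read from Logstash's settings directory when Logstash is
# started without -e or -f; with either flag this file is ignored).
#
# Each entry is an independent pipeline with its own inputs, filters,
# outputs and queue. Events from one source never pass through the
# filters or outputs of the other, so no [type]/[tags] conditionals
# are needed to keep DNS and firewall parsing apart.

# Hypothetical pipeline for the Microsoft DNS logs.
- pipeline.id: dns
  path.config: "/etc/logstash/conf.d/dns/*.conf"

# Hypothetical pipeline for the Fortigate logs.
- pipeline.id: fortigate
  path.config: "/etc/logstash/conf.d/fortigate/*.conf"

# By contrast, pointing a single pipeline at one directory that holds
# every source's files concatenates them into one config: every event
# then runs through every filter and is sent to every output unless
# each block is wrapped in a conditional.
# - pipeline.id: main
#   path.config: "/etc/logstash/conf.d/*.conf"
```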