Hi,
As per our architecture our application logs go into /custom_path/app.log and some into /var/log/messages as well. Our ELK version is 5.6.3. We want ship the application logs store on above both files and segregate OS logs from /var/log/messages.
We require indexes to be created based on matched keyword, let say 'app-prod' has to matched from both /custom_path/app.log and /var/log/messages.
Any log that doesn't match 'app-prod' in /var/log/messages should create another index by logstash.