If I have specified a number of logfiles from which to harvest entries, something like this:
filebeat.inputs: - type: log enabled: true paths: - /var/log/messages - /var/log/secure - /var/log/syslog - /opt/someapp/logs/audit.log - /opt/someapp/logs/debug.log - /opt/otherapp/logs/audit.log - /opt/otherapp/logs/debug.log
...and, ultimately, no otherapp is actually running on the host Filebeat is installed on, am I paying a penalty for this? I.e.: will Filebeat churn (waste cycles) looking over and over again for logs on the (unused) path /opt/otherapp/logs/ because I listed it? Is it a poor practice to "over-specify" logfile source paths?
I ask this because I want to (be lazy and) avoid having to write multiple versions of filebeat.yml and be careful about which host I install which version on. In my case, I'll really have at least three potentially different versions of filebeat.yml, maybe more.