I'm new to Logstash and need some guidance on input from multiple log files.
I would like to send all of my logs (i.e. messages, secure, httpd ...) to ELK.
What I have found is that if I send them through rsyslog they will end up as one collective stream in Kibana/Elastic.
How do I divide them to be recognised as messages, secure, httpd, and so on? At the moment they are all tagged as type: syslog.
Do I need to create multiple config files with different filters on input? But then do I need to send every single file to a different port?
What's the best practice in this case?