Grabbing logs no older than X from randomly created logs


#1

I am new to the ELK stack, and my issue is that I am using Filebeat to grab logs from one of the servers that we have; however, we only want to see logs that are 14 days old or newer. The logs that we are looking at don't seem to be created in any special way, as in we have one from today, one from yesterday, then one from August; they're randomly generated, it seems. Each log file's lines are dated 20160922, today's date, and they go back as far as the previous file.

Is there a simple way to filter out what files get grabbed and indexed? And then what lines are grabbed and indexed? And lastly, it seems as though Filebeat isn't incrementally grabbing files but indexing all files every day; is there a way to change that?

I appreciate any help/ideas!

