Hi,
I'm importing postgreSql logs where the log format is different to what the filebeat->postgresql module is set to ingest, so elasticsearch contains none of the postgresql specific fields just the message and the default metadata fields. How can I modify the ingestion so that the postgresql fields are imported as well? I have created a grok filter suitable for my log files. Is there a way to add this grok filter to the filebeat->posgresql module? Will I need to apply the grok filter in logstash? Or is there a way to modify the data in elasticsearch?
Thank you for your help