I have set up ELK and it is running fine. I have Filebeat feeding log data via Logstash into an Elasticsearch index. This setup creates one logstash index per day. The challenge now is to find a way to break the indices down into smaller ones by field values (e.g. LOGLEVEL, etc.). Is it possible? If so, how?
Later on, I would also like to explore using the rollup feature to summarize/aggregate records so there are fewer data points to retrieve when querying a large time window (but that will be a different project).
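One way to do the per-field split in the Logstash pipeline itself, as an added example (not from the question author): the `elasticsearch` output accepts `%{field}` references in `index`, so the level can become part of the index name. The field name `loglevel`, the Beats port and the Elasticsearch host are assumptions; Elasticsearch index names must be lowercase, which is why the value is copied and lowercased into `@metadata` first, with a fallback for events that have no level.

```conf
input {
  beats { port => 5044 }   # assumed Filebeat -> Logstash port
}

filter {
  # Assumed: the parsed level lives in a field named "loglevel" (e.g. ERROR, INFO).
  if [loglevel] {
    mutate {
      # Copy into @metadata so the lowercased routing value is not indexed with the event.
      copy      => { "loglevel" => "[@metadata][level]" }
      # Index names must be lowercase; "ERROR" would make the bulk request fail.
      lowercase => [ "[@metadata][level]" ]
    }
  } else {
    # Events with no level still need a home; route them to a catch-all index.
    mutate { add_field => { "[@metadata][level]" => "unknown" } }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]   # assumed host
    # One index per level per day, e.g. logstash-error-2024.01.31
    index => "logstash-%{[@metadata][level]}-%{+YYYY.MM.dd}"
  }
}
```

Each distinct value of the routing field becomes its own daily index, so keep the field to a small, controlled set of values (a level, not a message or a hostname), or the shard count grows quickly.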