I currently have a system that sending some custom audit data from a spring boot application to elastic by using a custom logger to filter the data through logstash.
We would like to modify that process to instead log that data to a file and send it to elastic directly using Filebeats.
The catch is this audit data uses some information passed into it from the application to determine what index to user as well as document id and whether to do an update or a post.
Currently a log file entry would like similar to the following:
{"@timestamp":"2018-10-01T14:40:41.712+00:00","@version":"1","message":"{"data":"dataIWantToStore"}","logger_name":"AuditLogger","level":"INFO","index":"NameOfElasticIndex","documentId":"IdOfDocument"}
I was wondering in filebeats is there any way that we could create a config that would be able send just the "message" field to elastic using index in the "index" field passed in by the logger?