I'm very new to ELK and I've recently moved my firewall logging from Splunk to ELK. I currently have my Palo Alto firewall logging to ELK and I can see syslog messages being displayed in a dashboard in Kibana.
All my historic data has been exported from Splunk in a JSON file. What I would like to do is import this into ELK.
Is it a case of adding a new input into the existing Logstash config file?
Can I make a copy of the existing config file, rename it and just change the input to file rather than syslog?
Can someone help with an example snippet of a config file so I can see how I can achieve this?
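
A one-off import pipeline of the kind asked about above, as an added example that is not part of the original post and not taken from the poster's existing config. It assumes the export holds one JSON object per line with the event time in a `_time` field; every path, tag, host and index name is a placeholder.

```logstash
# Added example: one-off import of a Splunk JSON export through the file input.
input {
  file {
    path => "/path/to/splunk_export.json"          # placeholder: absolute path to the export
    mode => "read"                                 # read the file once from the start, do not tail it
    codec => "json"                                # assumption: one JSON object per line
    sincedb_path => "/path/to/splunk_import.sincedb"          # placeholder: tracks what was read
    file_completed_action => "log"                 # read mode deletes the file by default
    file_completed_log_path => "/path/to/splunk_import.done"  # placeholder
    tags => ["splunk_import"]                      # hypothetical tag to tell imports from live syslog
  }
}

filter {
  if "splunk_import" in [tags] {
    # Assumption: the original event time is in a field named _time, in ISO 8601 form.
    # Without this, every historic event is stamped with the time of the import.
    date {
      match => ["_time", "ISO8601"]
    }
  }
}

output {
  if "splunk_import" in [tags] {
    elasticsearch {
      hosts => ["http://localhost:9200"]           # placeholder
      index => "paloalto-historic"                 # placeholder index name
    }
  }
}
```

When Logstash loads several config files from one directory it concatenates them into a single pipeline, so a renamed copy of the syslog config only stays separate if the existing filters and outputs are wrapped in a matching conditional or the import runs as its own pipeline.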