I need to dump logs from one of our applications to Elasticsearch.
The application generates a unique log file for each request. Once the request is completed, this log file will never be updated again. We generate around 1000 log files per minute during peak hours.
Planning to use file input with close_older set to 300 seconds.
Any flaws or drawbacks with this approach? Most of the examples talk about using file input with a single file or a smaller number of files, considering rollover.