All,
I have two log types I am trying to forward using the forwarder. One is a plain log and the other is a json fie. I need to be able to have ELK parse them differently but can not figure out how. For the json file, on the ELK server if i have the below it works great, but then the plain log file dies. the key t this working is the codec json part.
input {
lumberjack {
port => 5001
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
codec => json
}