For a couple of weeks I've been attempting to migrate my logs to ECS. I have a running ELK 6.x cluster and it works fine, but on my new cluster I want to see if I can get ECS running. I am starting from scratch, so old logs don't matter.
Log files are being fed from Apache with a custom log format. I can't seem to get the grok pattern to work no matter what I do. Can someone point me in the right direction? I've done lots of Googling and searching through the forums and documentation, but I can't find any documentation on using Logstash/grok with ECS.