Hi,
I'm playing around with the new Elastic5 products and am interested in using the ingest node feature with Filebeat as the agent. I have a server that runs several applications with different log files/formats and it seems that per Filebeat agent you can only define a single Elasticsearch output that references a single pipeline.
It would be nice if it was possible to define a mapping of log files to output pipelines instead of having to maintain one big pipeline containing all of the grok patterns. I feel it could get messy trying to keep track of all of the patterns and which application's logs they are matching.
Something obvious I am missing or will I have to maintain a large list of grok patterns in one pipeline?
Thanks