We currently run a number of Hosts, Exchange-Servers at that.
For Problem identification, we require two kinds of logs: Exchange Servers generate IIS-Logs, which are useful for getting return codes over user & time. These codes are really the default IIS format, and for that reason we believe using the beats-iis module would be the perfect way to go.
However, there is another log which seems quite useful, namely the MessageTracking.log
MessageTracking is basically a CSV. And while the fields are well defined, it might just happen to have (quoted) commas within them, which makes pattern-based filtering a pain, really.
Now Logstash's CSV filter might be able to help me out with that, but then again, that requires me to split those different inputs up into two outputs.
As far as I understand Filebeat does not support multiple outputs (and for a good reason) so the Idea would be to run multiple filebeat instances as a windows service, each of them being responsible for it's dedicated log file.
What I need to understand is how to configure both filebeat instances correctly, in order to have them fully independent from each other.