In logstash config file:
```
input {
  beats {
    port => 5044
  }
}
filter {
  if [system][process] {
    if [system][process][cmdline] {
      grok {
        match => {
          "[system][process][cmdline]" => "^%{PATH:[system][process][cmdline_path]}"
        }
        remove_field => "[system][process][cmdline]"
      }
    }
  }
}
output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
```
My goal is that I want to filter from Beats and then ship it to Logstash. There I don't need to filter anything; whatever logs are configured should just be pushed to Elastic. This is the main goal.
For this, how do I have to write the Logstash config file?
Is what I have already written correct, or do I have to correct it?