The log files on my system are stored in the following manner.
And these folders finally contain the log files (access, error, audit and CSV files) that need to be parsed.
Example:
Since it is real-time data, new units and new folders in the units folder keep on getting added. I need help in understanding how to organize the Filebeat inputs for parsing of all of this data to Logstash and also extract the unit number as a field.
Should I create a single index or multiple indices? A dashboard that does not require regular edits or changes is to be created finally. I need a way to create the flow such that there is minimum disturbance in the workflow.
Help will be much appreciated.
Thanks in advance.