I have a question about the output plugin. Currently I am using Filebeat to parse multiple rsyslog files.
The rsyslog files are divided by device. Every device logs to a separate directory.
What is necessary to split index files in Elasticsearch? For example, I would like to split firewall logs into their own index file, APs / switches into a separate one, etc.

I know I can prepare an output plugin based on tags, for example, but is there anything else that I should do? Index templates?


