Preserve original message from Beats for later usage


I have set up Logstash to preserve the original message in the "message" field for archiving purposes.
Every night, I run a pipeline that reads everything from yesterday and outputs it to a file on disk.
The idea is to be able to read them back into Elasticsearch via Logstash when they are rotated away after a long time.

It works well, but I have a problem with events read using Beats. I have not found a way to preserve the original message from Beats events. The cleanest way would be to use the same pipeline to also read events created by any Beat, but for that I have to encode the Beats event back to JSON and save it as a string in a field in the event.

Any suggestions on how to achieve this, or better approaches?
