I have setup Filebeat on a server which I would like it to pass a custom application log to my logstash server.
On my logstash server I currently have a
beats_input.conf which is listening for all my beats inputs. And a
beats_output.conf which sends the data to elasticsearch. All this functionality is working well.
If I want to add in my custom log file, on my logstash server do I need a
beats_postprocess.conf with my GROK filter in it. Or can I add my filter to the
What is the best practice here? All my other beats inputs are from Winlogbeat and are being processed by the
beats_input.conf and the
beats_output.conf file on my logstash server.
Any guidance would be appreciated.