Recommended Workflow for creating Logstash configs

Pretty much what I said in the subject.
I can't seem to find any rock-solid resources - what is your workflow for building new configs? I have a relatively small instance and I'm still learning the ropes of index management and the like.

To me, it is currently a major chore to start building Logstash configurations. I usually end up with a half-dozen SSH windows open trying to monitor as I build, break, work on inputs/outputs, figure out my groks and kvs, and flip over to Kibana.

So, what are your workflows? Do you have a second instance just for development? Do you build up test indexes that wipe themselves after 4 hours or whatever, or a 'generic' index that collects everything? Do you use pipelines to have a prod and a dev?

Since I'm basically greenfielding this - please help me out by describing your workflow from 'new device ready to send logs' to 'I'll call that done' with respect to building Logstash configs, or at least say 'Hey, this blog article covers it'.


[Virgin post!]
