I'm fairly new to the Elastic Stack, but I've successfully created various sandbox environments (using Docker Compose) chaining Filebeat, Winlogbeat and Packetbeat to Logstash, for example. I've worked a lot with the provided filter plugins in Logstash and have written my own plugin as well.
Anyway, now that I have a better feel for the stack, I want to understand how testing works. Specifically, if I have a log which contains data I want to use to exercise my stack (whether it be an HTTP log, a PCAP file or a Windows event log, for example), is there a way to run the same log/scenario in over and over? In effect, I want to test the end-to-end behaviour of the stack so I can be sure it is doing what I need it to.
With Packetbeat I can start up with a specific PCAP file, so that seems easy on the face of it. However, with Filebeat and Winlogbeat I am less sure, because I've had issues with the way the components keep track of the position in the log files. Also, in terms of Winlogbeat, it seems less obvious how to point the component at a fixed 'test log' as opposed to the standard logs in the Windows O/S (I suppose I could point Filebeat at a Windows event log, but that feels slightly wrong, and of course means I'm not testing Winlogbeat).
I'd be grateful if anyone could point me in the right direction.