Is it possible to run logs that are in ElasticSearch through Logstash again, ideally replacing the new output in ES?
How do you normally handle changes in the pipeline? Do you just leave the old stuff as is or are you supposed to get it 100% right the first time?
I'm in the process of setting up while learning Logstash and ElasticSearch, mainly working on the Logstash config, writing grok patterns and the like.
I would like to start processing live logs to show the management some impressive Kibana graphs ASAP.