Besides the standard modules (system, auditd, etc.), I have to send custom logs from one server to Elasticsearch.
I am thinking of sending the logs to Logstash first so that I can do some grok processing for these custom logs.
How can I differentiate the logs (by adding tags, etc.) so that the default modules' logs go to one index whereas other logs go to different indexes?
Looking for some guidance.
Thanks in advance.