Hi Folks,
Besides the standard modules (system, auditd, etc.), I have to send custom logs from one server to Elasticsearch.
I am thinking of sending the logs to Logstash first so that I can do some grok processing for these custom logs.
How can I differentiate the logs (by adding tags, etc.) so that the default modules' logs go to one index whereas other logs go to different indexes?
Looking for some guidance.
Thanks in advance
Immac