Hello
Currently we us the combination of the throttle and sleep filter to protect our elk cluster for unexpected high message peaks. Unfortunately the sleep filter sets logstash completely into sleep. We distinguish between different user groups by the type tag. Is there a way to do the throttling more granular? Or is there even a better way?
Any help appreciated!
Cheers,
Chris