Assume i have 3 different systems sending different syslog formats to my server on port 514.
Using filebeat, i want to use modules in conditionals. eg. When a message field contains "pa" use the PANW module, but if the message field contains "something else" use a different module.
I'm not convinced if such routing is possible on the application level. You can configure filebeat inputs to follow different files, ports, but AFAIK there is no multiplexer.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.