I’m trying to process input from filebeat which delivers data from multiple log files but I’m not sure how I an accomplish this in Graylog. Basically filebeat sends different messages each with different “type” fields (e.g. “app1_log”, “app2_log”, etc.).
Since each app has a different log format I need to be able to define multiple extractors but only run each if the “type” field has a certain value. Something along the lines of:
if message.type == "app1_log"
apply extractor_app1
else if message.type == "app2_log"
apply extractor_app2
...
How can I accomplish this?
Regards,
Dennis