Graylog 3.1.4 - Containerized | Elasticsearch-oss 6.8.6 - on host | Filebeat 6.8.5 - on host

  1. Creating an Input is like opening a port on a firewall (inputs also have extractors to allow you to modify incoming messages). You need one so your sidecars can send messages in. Generally one input is needed to receive beats information from multiple clients. Your screenshot is choosing the Graylog server you have as the node the Input will be opened on. The Sidecar client installation configuration (sidecar.yml) should point to the Graylog server and input port you have set up.

  2. When the sidecar starts up on the client it should connect in to the Graylog server it has listed in its sidecar.yml file (which also has connection modifiers, configuration for local beats/nxlog to be used, etc.).

  3. Once the connection is set up, you use Graylog (as I described above) to then push configuration for which areas/files to pull messages from (including restrictions on what to send) - these are the sidecar/generated/<>.conf files that are pushed; they should mirror what you set up in Graylog. If there are issues, sidecar/logs/ is a good place to look for what the client is/isn't doing. sidecar/cache keeps track of where you are on the files you are sending messages from. (Note: I am referencing from a Windows system so there may be some differences.)

This post has a lot of detail about sidecar configuration even though it is an older version of Graylog/sidecar. There are some examples of the sidecar.yml configuration in there that are close to what you want.

It seemed easier to talk through the process than to hit your questions individually… :crazy_face:
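To make steps 1 to 3 concrete, here is an annotated sidecar.yml for a Windows client. This is an added illustration, not a file from the post above or from the Graylog project; the server URL, the token placeholder, the install paths and the key names (as used by sidecar 1.0.x, which ships with Graylog 3.1) are assumptions you should check against the sidecar.yml your installer created.

```yaml
# sidecar.yml (Windows client) - added example, not from the original post.
# Assumed values: server URL, token placeholder and install paths are
# placeholders; replace them with your own.

# API endpoint of the Graylog server the sidecar registers with (step 2).
# This is the Graylog REST API, not the beats input port from step 1;
# the input port is referenced from the collector config Graylog pushes.
server_url: "https://graylog.example.internal:9000/api/"

# Token created in Graylog (System > Sidecars > Create or reuse token).
# Use a dedicated sidecar token rather than a user's login credentials,
# and revoke it in Graylog when a client is decommissioned.
server_api_token: "<REPLACE_WITH_SIDECAR_API_TOKEN>"

# Stable identity of this client; with the "file:" prefix the sidecar
# reads (and on first start writes) the node ID from that file.
node_id: "file:C:\\Program Files\\Graylog\\sidecar\\node-id"
node_name: ""          # empty = use the hostname

# Seconds between polls of Graylog for new collector configuration (step 3).
update_interval: 10

# Keep certificate verification on; only flip to true while diagnosing a
# TLS problem, and turn it back off afterwards.
tls_skip_verify: false

# Report collector status and tailed-file listing back to the Sidecars page.
send_status: true
list_log_files: []

# Local state: step 3's cache/, logs/ and generated/ directories.
cache_path: "C:\\Program Files\\Graylog\\sidecar\\cache"
log_path: "C:\\Program Files\\Graylog\\sidecar\\logs"
log_rotate_max_file_size: "10MiB"
log_rotate_keep_files: 10
collector_configuration_directory: "C:\\Program Files\\Graylog\\sidecar\\generated"

# Only binaries listed here may be started as collectors by the sidecar;
# keep the list to the collectors you actually deploy.
collector_binaries_whitelist:
  - "C:\\Program Files\\Graylog\\sidecar\\filebeat.exe"
```

After editing the file, restart the sidecar service and confirm the client appears under System > Sidecars; if it does not, sidecar/logs/ will show whether the API URL or the token is being rejected.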