I wonder if someone can point me in the right direction please. I’ve trawled through the documentation, searched the forums and searched for tutorials but can’t seem to get this straight.
Basically the first hurdle is that we have log files on several servers (Windows/Linux) for different applications (IIS, Apache, Nginx, PostgreSQL, custom applications). I am struggling to visualise and understand how I should set up the Filebeat input to handle the different combinations of logs from each server.
For example, at the moment I have Server A sending in the PostgreSQL logs. So if I wanted to collect only PostgreSQL logs from Servers A, B and C, they could all send to this one input and I would use the pipeline and streams to separate/combine the logs as required. But then what happens when I need to collect PostgreSQL and Apache logs from Server D? Do I create a new input specifically for that combination? So each server has its own sidecar and configuration?
Is this the best/recommended way, or is there a different way that I am not thinking about or have not come across?
Current versions installed:
Server: Graylog v3.1.3+cda805f
Sidecar: 1.0.2 on Ubuntu 18.04