I was just curious because having all my logs for any service or application in one spot makes it easier/quicker to set up a log shipper configurations.
For example,
I can use these settings below to get all the log files that end in .log in the directory /var/log.
If I install filebeat on the client end so do I need to configure sidecars in Graylog server or creating inputs is fine for receiving the logs from the client machine.
When you install sidecar (with filebeat) you modify the local sidecar.yml to adjust local settings and point the beats to where your Graylog server is… then it will show up as available in Graylog. Thne in Graylog GUI you can create configurations based on log collector types that can be applied to the client sidecar. The configuration is pushed tot he client sidecar and tells it what to capture and how to capture it… this way you can apply the same configuration to multiple clients.
Image if the Graylog Sidecar was like your Remote Controller for your TV set.
Your TV ( AKA Collector)has all the channels to watch and your remote ( AKA Sidecar) only tells your TV to turn on or OFF and what channel to use