I do lots of flat logfile ingestion in Graylog, but i usually set up a sidecar and use filebeat for that.
Basically I install the sidecar and connect it to a graylog server, then make a sidecar config in the webUI, then I assign that sidecar config to the endpoint in sidecar administration.
Here’s an example of a sidecar configuration pulling a bunch of flat files:
I annotated where the input files and output graylog/logstash server are declared in the config.
The benefit of this setup, to me, is that I can add more logs to the extraction config from the webUI and not need to SSH into or touch the log origin host.
You could probably get away with something similar, by changing the path of the input files to match the log files which you want to ship.
I hope that this is helpful info… Also, this forum is pretty active so I’m sure a more experienced GL admin will be by shortly to help out further than I can.