jpsandiego42anyone ever see logstash duplicating details from filebeat (/var/log/syslog) - "syslog_program: sshd, sshd, sshd"
jpsandiego42looks like perhaps the multiple configs I'm expecting to be separate are overlapping and all processing the same message.
knittlhi. I'm not able to figure out how to start logstash from docker with the -e option. somehow/somewhere -f seems to be provided. how do I disable -f?
knittlah. I have to provide --path.settings=
knittlthat explains that :)
HydrarAm I understanding it right that the "official way" to parse logs is starting to become more the task of filebeat than logstash? It feels like the official patterns haven't been updated for example nginx :S
HydrarOh wait, nginx seems to use COMBINEDAPACHELOG format by default, derp
darkl0rdAnyone knows of a way to enrich data before sending it to logstash using filebeat? On the nodes that ship my data I want to add some content (from a database) and I can't do this from the logstash host (since it can't reach those databases)