We often have to split logs into several retention categories. The usual way is to use different indices/ILM policies/data streams for types of logs.
We should have a way of splitting logs by condition (like in Redis outputs in pipeline management). I don't know if there's a solution with Elasticseach-pipelines but we can definitely have it in our Elasticsearch outputs in Logstash. If both works, why not implement both?
We often have to split logs into several retention categories. The usual way is to use different indices/ILM policies/data streams for types of logs.
We should have a way of splitting logs by condition (like in Redis outputs in pipeline management). I don't know if there's a solution with Elasticseach-pipelines but we can definitely have it in our Elasticsearch outputs in Logstash. If both works, why not implement both?