I am working with grok to parse my logs in logstash, and there is a lot of difference between my logs (optional fields), I would like to know which solution is the best and why!
1- Make one complicated filter with a lot of optional fields
2- Make a filter for each log
Thanks for your help!
I combined between the both and it's working perfectly
Thanks for your help