I'm using syslog->logstash->elasticsearch->kibana to visualize my logs. The stack is working fine so far. I already have a few thousand logs in elasticsearch. Now I decided to change some grok filters. Is there a way to process all logs again to be matched by the new filters?
I can think of somehow exporting the database and adding that as a new input to logstash, but this would be kind of complicated. I'm looking for an easy one-click solution, because I'm likely going to change some filters in the future. I could not find any easy solution so far. Any help appreciated.