add container_elk notes

active/container_elk/logstash.conf

@@ -0,0 +1,24 @@
+input {
+  file {
+    #https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html
+    #default is TAIL which assumes more data will come into the file.
+    #change to mode => "read" if the file is a compelte file.  by default, the file will be removed once reading is complete -- backup your files if you need them.
+    mode => "tail"
+    path => "/usr/share/logstash/ingest_data/*"
+  }
+}
+
+
+filter {
+}
+
+
+output {
+  elasticsearch {
+    index => "logstash-%{+YYYY.MM.dd}"
+    hosts=> "${ELASTIC_HOSTS}"
+    user=> "${ELASTIC_USER}"
+    password=> "${ELASTIC_PASSWORD}"
+    cacert=> "certs/ca/ca.crt"
+  }
+}