Best practices to separate two netwflow inputs

Hey all,
I have a logstash input ingesting router flows and I'd like to have another to get Cisco ASA netflows.
What's the best way to achieve this?

Should I create separate indexes
logstash-firewall and logstash-router to distinguish between the two?

Currently logstash index contains both netflow and syslog type from two different sources

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.