I have been researching the best solution for this scenario:
My organization has 2 unrelated log sections:
- Application section:
  - made of several applications (each application can, in theory, be grouped by a single transaction code or ID)
- System section:
  - made of many systems that are a closed box:
    - Windows logs
    - IIS logs
    - firewall logs, etc.
So I am looking to set up a "single point of truth" where, if there is a request to investigate from the application, I would be able to see all related system section logs.
I don't know if this is something that Logstash can do, or maybe I need Elastic APM?
Thanks for any help.