I have a system, which has quite a number of sub-systems in it, each sub-system will produce its own log files, whose sizes ranges from a few MB, a few hundred MB to a few GB. These sub systems don't really have a lot of common fields (minimal or even no), in this case, should I put them under the same index or put them under different indexes? (putting them in different indexes => resulting in a lot of small shards in the cluster, is this recommended?)
Without further input as to what query volume you expect and what your data size will be in total my first advise would be to model your index to be in line with the types of queries you'd expect: If those logs are truly distinct and you will ask different questions to each I'd also put them into different indexes.
For more general input on sizing elasticsearch see:
For more input on your specific question on whether having many shards in one cluster is an issue see here:
https://www.elastic.co/guide/en/elasticsearch/guide/current/kagillion-shards.html
Hope this helps,
Isabel