I'm quite new to the ELK solution, but I learn every day.
We have a setup with several pfSense routers that I would like to get an overview of.
I have followed this guide: GitHub - patrickjennings/logstash-pfsense: Logstash configuration for pfSense syslog events.
And I have logs coming through to ELK from the first router, but I would like to know which is the best way to do this:
- All incoming logs into one index - but able to show all routers at once and separately?
Is the easiest way just to copy and change the files under /etc/pfelk/conf.d (and create a new conf file per router), or is there any other way to do this?