This is my first time setting up Logstash as opposed to just using a standard syslog server to throw data at Log Analytics. I basically have an Azure VM set up with port 514 open to specific IPs. I am hoping to use port 514 for multiple inputs and have Logstash filter the inputs, then output to different Log Analytics tables. Does anyone by chance have a working example of what I need to do to filter the incoming logs, or should I just do this another way, like use different ports for each source?
I just have a few SaaS product logs that I want to point at this and then forward into custom tables in LA.
I am sorry if this is an incredibly dumb question, but I have not seen a ton of examples out there for this. I've seen a few where people are tagging the data from the tcp input port, then using that tag to output. I guess I just want to know what the best practice for this is and was hoping someone had a working example that they might be able to share.
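The tag-then-route pattern asked about above, as an added example that is not part of the original post: one shared listener on 514, classification by sender address, and one output per custom table. It assumes the Microsoft `microsoft-logstash-output-azure-loganalytics` output plugin is installed; the sender IPs, table names, file path and the `LA_WORKSPACE_ID` / `LA_WORKSPACE_KEY` variable names are constructed placeholders.

```logstash
# Added example: all IPs, table names and variable names below are placeholders.
input {
  # Same port for every source. ECS mode is disabled so the sender address
  # is written to the top-level [host] field.
  udp {
    port => 514
    ecs_compatibility => disabled
  }
  tcp {
    port => 514
    ecs_compatibility => disabled
    dns_reverse_lookup_enabled => false   # keep [host] as an IP, not a PTR name
  }
}

filter {
  # An input-level tag cannot tell sources apart when they share a port,
  # so classify on the sender address and keep the label in @metadata
  # (metadata is available to conditionals but is not shipped to the table).
  if [host] == "203.0.113.10" {
    mutate { add_field => { "[@metadata][source]" => "vendor_a" } }
  } else if [host] == "203.0.113.20" {
    mutate { add_field => { "[@metadata][source]" => "vendor_b" } }
  } else {
    mutate { add_field => { "[@metadata][source]" => "unknown" } }
  }
}

output {
  if [@metadata][source] == "vendor_a" {
    microsoft-logstash-output-azure-loganalytics {
      workspace_id => "${LA_WORKSPACE_ID}"
      workspace_key => "${LA_WORKSPACE_KEY}"   # from env or the Logstash keystore
      custom_log_table_name => "VendorA"
    }
  } else if [@metadata][source] == "vendor_b" {
    microsoft-logstash-output-azure-loganalytics {
      workspace_id => "${LA_WORKSPACE_ID}"
      workspace_key => "${LA_WORKSPACE_KEY}"
      custom_log_table_name => "VendorB"
    }
  } else {
    # Unrecognised senders stay out of the vendor tables and are kept for review.
    file { path => "/var/log/logstash/unrouted-%{+YYYY-MM-dd}.log" }
  }
}
```

On Linux, binding to 514 requires root or `CAP_NET_BIND_SERVICE`, so the listener is often moved to a high port with 514 redirected to it. Because routing here trusts the sender address, the VM's inbound allow-list should match the IPs in the filter block.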