We have a Logstash instance receiving syslog from multiple sources/hosts.
Changing the syslog remote port from 514 to another port is not an option for us.
Is there any practice to separate/route the logs from syslog to different pipelines?
If you want to route all of the events from the syslog input to a different pipeline you can do it by adding a tag and a distributor pattern with pipeline-to-pipeline communication.
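
A sketch of the tag-plus-distributor layout described in the answer above, added here as an example and not part of the original reply. The pipeline ids, addresses, tag names and IP addresses are constructed, and `[host][ip]` assumes the syslog input runs in ECS mode (with `ecs_compatibility => disabled` the source address is in `[host]`).

```yaml
# pipelines.yml (added example; ids, addresses, tags and IPs are constructed)
- pipeline.id: syslog-intake
  config.string: |
    input { syslog { port => 514 tags => ["from_syslog"] } }
    filter {
      # Tag each event by the address it arrived from
      if [host][ip] in ["192.0.2.10", "192.0.2.11"] {
        mutate { add_tag => ["firewall"] }
      } else if [host][ip] == "192.0.2.20" {
        mutate { add_tag => ["linux"] }
      }
    }
    output {
      # Distributor: one intake on 514, one downstream pipeline per tag
      if "firewall" in [tags] {
        pipeline { send_to => ["firewall-logs"] }
      } else if "linux" in [tags] {
        pipeline { send_to => ["linux-logs"] }
      } else {
        # Unknown senders are kept, not dropped, so new or unexpected
        # sources stay visible for review
        pipeline { send_to => ["syslog-fallback"] }
      }
    }
- pipeline.id: firewall
  config.string: |
    input { pipeline { address => "firewall-logs" } }
    filter { mutate { add_field => { "[event][dataset]" => "firewall" } } }
    output { stdout { codec => rubydebug } }
- pipeline.id: linux
  config.string: |
    input { pipeline { address => "linux-logs" } }
    filter { mutate { add_field => { "[event][dataset]" => "linux" } } }
    output { stdout { codec => rubydebug } }
- pipeline.id: fallback
  config.string: |
    input { pipeline { address => "syslog-fallback" } }
    filter { mutate { add_tag => ["unclassified_source"] } }
    output { stdout { codec => rubydebug } }
```

The `stdout` outputs are stand-ins for whatever destination each downstream pipeline really writes to.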