I'm looking to set up a Logstash instance that receives syslog input from a number (~10) of web apps.
What is the best solution for identifying the source of each log? Ultimately I'd like an application field that identifies the source of the log.
It looks as though this may need to be handled at the application level, e.g. the app including its name in the log data, and a grok rule that transforms that into the application field, rather than being able to configure a separate Logstash input for each application.
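
The two approaches the question weighs, sketched as a Logstash pipeline (an added example, not part of the original post): a separate input per application that sets the `application` field at the collector, and a shared input where a grok rule takes the name from the syslog tag. Ports, application names and the `syslog_*` field names are assumptions. The grok-derived name is whatever the sender claims, so the example tags any value outside a known list.

```logstash
# Added example. Port numbers and application names are hypothetical.
input {
  # Option A: one listener per application. The collector assigns the
  # label, so a sender cannot choose its own "application" value.
  tcp { port => 5514 type => "syslog" add_field => { "application" => "billing" } }
  tcp { port => 5515 type => "syslog" add_field => { "application" => "storefront" } }

  # Option B: one shared listener. The label is parsed from the syslog tag
  # that each app writes into its own messages.
  tcp { port => 5516 type => "syslog" tags => ["shared"] }
}

filter {
  if "shared" in [tags] {
    grok {
      # Matches an RFC 3164 style line such as (constructed sample):
      #   <134>Jan  5 10:00:00 web01 billing[123]: user login ok
      match => {
        "message" => "^<%{NONNEGINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{HOSTNAME:syslog_host} %{DATA:application}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}"
      }
    }

    # The tag is self-reported. Flag names that are not on the expected
    # list so they can be reviewed instead of trusted.
    if [application] not in ["billing", "storefront"] {
      mutate { add_tag => ["unknown_application"] }
    }
  }
}
```

Events that fail the grok match also receive the default `_grokparsefailure` tag, which is worth alerting on alongside `unknown_application`.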