Hi all,
we are using logstash as part of our logging infrastructure and a prefilter to our SIEM system. The last step for this is to send events from logstash to the SIEM using syslog.
To leverage the buffering capabilities from logstash and smooth out bursts against our SIEM events per second license, I would like to implement some rate limiting in the syslog output plugin. Something like "Only send 5000 events per second through this output".
Is there any way to do this? I'm aware of the throttling plugin, but from my understanding of the plugin that's not what I'm looking for.
Any ideas/suggestions?
Best regards,
Sebastian