thx Kay, great answer, the logic that I was looking for :-).
A.

On Thursday, July 31, 2014 1:47:57 AM UTC+2, Kay Röpke wrote:
>
> Hi!
>
> Generally speaking:
> If your log senders need special treatment (i.e. if you need to set up
> different extractors), then use different inputs.
> If you send GELF directly, you are generally ok with one input.
> Syslog-like inputs often need special extractors, so in those cases
> you have special "plain text" inputs with extractors, Cisco "syslog"
> is like that in many cases. Or ESXi.
>
> Another case is if you want to tag sources in a special way, using a
> "static field". Those are per input, so you would configure different
> inputs. Use-cases could be different applications deployed across many
> servers, where you don't really care about which server actually
> handled the request, or rather at some level you don't care. This
> often includes GELF sent from applications, where you cannot
> differentiate between messages because they all look similar. By using
> different target addresses, you can tag them.
>
> Other than that standard network considerations apply, e.g. load
> balancing or firewalls.
>
> HTH,
> Kay
>
> On Wed, Jul 30, 2014 at 6:54 PM, Arie <[email protected]> wrote:
> > Hi Denny,
> >
> > Thanks for your response here.
> >
> > I have one server with the graylog2 components and one ES cluster of two
> > nodes.
> > Inputs are not configured yet, the question is what others would do here.
> > (well, two inputs are in use now for two different environments)
> >
> > IMHO best is to configure one input for each server/application to have the
> > best control over everything I guess,
> > but I do not have a clue what the impact on graylog would be.
> >
> > On Wednesday, July 30, 2014 1:41:50 PM UTC+2, Denny Gebel wrote:
> >>
> >> Hi Arie,
> >>
> >> how did you set up your configuration? One input for everything or did you
> >> separate anything?
> >>
> >> Denny
> >>
> >> On Wednesday, July 2, 2014 4:08:25 PM UTC+2, Arie wrote:
> >>>
> >>> Hi all,
> >>>
> >>> I am working on our production cluster. We want to get log files from
> >>> different systems
> >>> with different functionalities. Some systems are related to each other
> >>> like ESB, and others
> >>> are standalone. It concerns Windows and Linux systems and a wide variety of
> >>> custom-built applications.
> >>>
> >>> Now we want to configure Inputs, and the question is what is a best
> >>> practice here.
> >>>
> >>> One input for all (Windows) logfiles, or different Inputs that are
> >>> related to the application clusters.
> >>> My guess is that different inputs are helpful when narrowing down and
> >>> building the possibilities
> >>> of search and application exception.
> >>>
> >>> On the sending side we shall use nxlog and rsyslog mainly, and use GELF
> >>> support if possible.
> >>>
> >>> Thanks,
> >>>
> >>> Arie van den Heuvel.
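
Kay's point about tagging otherwise identical GELF streams by target address, sketched from the sender side as an added example (not code from the thread or from Graylog). The application names, hosts and ports in `INPUTS` are hypothetical, and each port is assumed to be a separate GELF UDP input with its own static field configured in Graylog.

```python
import json, os, socket, struct, time, zlib

# Assumed layout: one GELF UDP input per application cluster, each carrying
# its own static field on the Graylog side. Names and ports are hypothetical.
INPUTS = {
    "esb": ("127.0.0.1", 12201),
    "billing": ("127.0.0.1", 12202),
}
CHUNK_MAGIC = b"\x1e\x0f"
MAX_CHUNKS = 128  # GELF limit per message


def build_gelf(host, short_message, level=6, **extra):
    """Return a zlib-compressed GELF 1.1 payload."""
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": time.time(), "level": level}
    for key, value in extra.items():
        if key == "id":
            raise ValueError("_id is reserved in GELF")
        msg["_" + key] = value  # additional fields carry a leading underscore
    return zlib.compress(json.dumps(msg).encode("utf-8"))


def chunk(payload, size=1420):
    """Split a payload into GELF UDP chunks; small payloads go out whole."""
    if len(payload) <= size:
        return [payload]
    body = size - 12  # 12-byte header: magic, message id, seq number, seq count
    parts = [payload[i:i + body] for i in range(0, len(payload), body)]
    if len(parts) > MAX_CHUNKS:
        raise ValueError("message too large for GELF UDP")
    msg_id = os.urandom(8)
    return [CHUNK_MAGIC + msg_id + struct.pack("BB", n, len(parts)) + p
            for n, p in enumerate(parts)]


def send(app, host, short_message, **extra):
    """Send to the input assigned to `app`; return the datagrams sent."""
    datagrams = chunk(build_gelf(host, short_message, **extra))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for d in datagrams:
            sock.sendto(d, INPUTS[app])
    return datagrams
```

The message body never names the application; only the destination port differs, so the static field on the receiving input is what distinguishes the streams.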
