Hi, I'm a newbie with this wonderful tools and I've an existential question. What is the best strategy for the input ? It's better to have one input by service ? One by OS type ? One by client ? Initially, I start with one input for my all Linux server with differents services but with this method I've lot off extractor so I think it'll be better if I split in multiple input. Other problem with this method is that I multiply field. For exemple, if this input collect logs from Apache (from one server) and dhcpd (from another), when I search data, I see Apache field in DHCP logs. It will be better if I see only DHCP field for DHCP log only. Maybe I've not understand all ...
What is your strategy or recommandations ? Thanks lot -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/1bd41a34-0522-45df-b8ea-d608d2a16a98%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
