I have a huge stream of data collected from a variety of systems and locations (dev/prod/stage, system logs, app logs, etc) that I will be pushing to an HTTP hosted collector. Now, I've started down the path of creating different sources under my collector, but I have the following quetsions: --Should I create separate sources at all, or just dump all of it into a single source? --If I should create multiple sources, should they be by host, by log type (app log / system log)? --Is there any reason to have more than one collector for this? Thanks, -Dan
Please sign in to leave a comment.