I think I get it now! Thus far, my attention and energy has been focused on shaping and tailoring my system logging to look right in syslog and pushing to :514 to my Graylog test instance, but as I look to collect more inputs, I wonder if I’ve been going about it wrong: Is Graylog Sidecar a mechanism that should replace all my manual log-picking and massaging efforts?
Like instead of manually mucking with rsyslog.conf, I would want to set up Graylog Sidecar and let it expose to Graylog all the log message sources so I could pick and choose and massage the messages there?
Is there a big advantage (any disadvantage?) to this?