I explored the wonderful Graylog in order to store all the logs of my servers, and I now have a good idea of Graylog, so I am trying to build the architecture for collecting my data.
What are the best practices for collecting data from many servers (more than 100 servers)?
I will collect Apache logs, Windows event logs, file logs…
I wonder whether it is better to create several inputs (one for Apache logs, one for Windows event logs…) or to have only one input?
Then, each type of data would be recorded in a specific stream/index:
- 1 apache_log stream (with an index apache_)
- 1 Windows event log stream (with an index event_log_)
If somebody has experience with architecture design in Graylog…