Currently im running a graylog instance with a couple of collectors for gathering the logdata.
I thougth I could use the tags to create different configurations for gathering the logdata.
I wanted it to use it as follows.
Setup the linux tag for gathering syslog messages and send it the to global beats input.
Setup the apache tag for gathering syslog messages and send it the to same global input.
This is not possible however. I would need an extra input for every tag on a seperate port. This would also mean I would have to punch more holes in the firewall for every configuration.
Is there an solution for this kind of use-case.
Furthermore It would be nice once you got a collector running, you could change some general configuration from the graylog web-interface like the tags etc