When should I use multiple input for my graylog? Do you have a use case?
For instance, I have different Symfony (3.x) applications with different environments (integration, prod, ..) and I want all of them into my graylog.
What is the best way (or the bests pratices) to send all of them into my graylog and easily crate stream based on this environments?
The way I always understood this is that you create separate inputs for "kinds of logs". Like: one rsyslog input for all machines sending logs in rsyslog format, second for all GELF applications, third for capturing NetFlow, etc.