The Multiport syslog source can add the port number on which the data was received to the event headers. You can use with a multiplexing channel selector to separate this to different channels.
Thanks, Hari On Wed, Oct 15, 2014 at 9:45 PM, Sharninder <[email protected]> wrote: > Hi Guys, > I'm trying to implement a system to archive syslogs using flume. I've > played around with it a bit but haven't really been able to figure out a > way to segregate logs according to the host they're coming from? Is there a > way for me to add the hostname to the event header somehow? I can then use > either an interceptor to read the header or even a custom sink to deal with > events based on the hostname. > -- > Sharninder
