When sending data to InsightIDR, you have to specify a unique port for each data source. For example, on an AD DC, you need a unique port for security event logs, DNS logs, and DHCP logs. As it currently appears, I would need a template or individual configuration on each system. To optimize/simplify this, is it possible to use FIELDS and PATTERNS in templates? e.g. DC1_SecLog=<port 1000>, DC1_DNS=<port 1001>. In the template reference a FIELD/PATTERN based on the agent info like hostname and/or tags?
Just looking for a way to minimize the number of templates I have to manage.