I am looking at how to set a specific index for this add-on as we have multiple groups responsible for Cisco devices, and we do not want them to see each others logs.
Any idea how to do this?
create indexes.conf under etc/apps//local to have your index. Then in the inputs.conf, for that monitor stanza/syslog etc.. you can setup index and sourcetype.