Dan,

I see three questions in your email, which I'll try to address in turn:

- *"Can my application send logs with a unique token?"* – Your
application can add any text it likes to the message, of course. When
they're sent to the syslog drain, the messages will be embedded in a
syslog-formatted line. Looking at Logsene's syslog example
<https://sematext.atlassian.net/wiki/display/PUBLOGSENE/Syslog#Syslog-Example>,
it seems that they expect the syslog message to contain a JSON payload with
the token as a property. If your application produces that JSON, I think it
would be compatible. However, the Loggregator system does not wrap bare
loglines into that format, nor can it be configured to do so without
rewriting code.
- *"Do multiple apps on CF send logs from the same IP address?"* – Yes.
But it's worse than that: not only do multiple app streams come from the
same IP address, but a single application's stream can come from multiple
IP addresses. So this is probably not good from Logsene's point of view.
- *"Is Loggregator's HTTPS transport compatible with the ElasticSearch
API?"* – No. Loggregator makes a POST request to the HTTPS endpoint by
putting a syslog-formatted line into the body of the request. It does not
have support for building an ElasticSearch-compatible JSON payload around
the message.

It appears to me that the best shot you have of compatibility with Logsene
is having your application build messages in the expected way, with JSON
wrapper (if that's truly needed; my quick read of the syslog example I
linked above was unclear). Keep in mind that Loggregator sends each
*line* separately,
so your JSON payload must be a single line to be transmitted correctly.

– John Tuley