Koos Goossens
1 min read · Oct 13, 2023


Hi Eric! I'm glad you liked it.

Forking traffic is a terrific idea. But as far as I know you can't use the Microsoft AMA agent with Data Collection Rules to store data into ADX. So I'm afraid you need to look into Logstash.

Since Logstash can do both, you'll be able to filter and split the data inside Logstash as you see fit. You can use multiple output destinations within one configuration or create multiple configurations with separate listeners.

Please find an example Logstash configuration on my GitHub gist: https://gist.github.com/TheCloudScout/c0e9c486a4bdb30e950e6b5332b90466

You'll see that this example uses different destinations based on the source IP of the sender. It even combines old MMA-based ingestion (with workspace ID and key) and new DCR-based ingestion. This is ideal for migrating to DCR-based ingestion as well.

Hope this helps. Please reach out to me if you have any additional questions!

Regards, Koos
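As an added illustration of the split described in the reply (this is not the gist linked above, nor Microsoft's sample), the pipeline below routes events by sender IP to two Microsoft Logstash output plugins: the older workspace-ID/key plugin and the newer DCR-based Sentinel plugin. The port, IP ranges, table and stream names and all credentials are constructed placeholders; the option names are those documented for the two plugins, and the `[host]` field name assumes the syslog input runs with ECS compatibility disabled.

```conf
input {
  syslog {
    port              => 5514        # single listener for all forwarders (constructed)
    ecs_compatibility => disabled    # so the sender address lands in [host]
  }
}

filter {
  # Tag each event by the network its sender belongs to; the output
  # stage routes on these tags. Both ranges are constructed examples.
  cidr {
    address => [ "%{host}" ]
    network => [ "10.10.0.0/24" ]    # forwarders still on the legacy path
    add_tag => [ "legacy_mma" ]
  }
  cidr {
    address => [ "%{host}" ]
    network => [ "10.20.0.0/24" ]    # forwarders already migrated to DCR
    add_tag => [ "dcr" ]
  }
}

output {
  # Legacy path: HTTP Data Collector API with workspace ID and shared key.
  if "legacy_mma" in [tags] {
    microsoft-logstash-output-azure-loganalytics {
      workspace_id          => "<WORKSPACE_ID>"
      workspace_key         => "<WORKSPACE_KEY>"
      custom_log_table_name => "SyslogLegacy"
    }
  }
  # New path: Data Collection Rule reached through a Data Collection Endpoint,
  # authenticated with an Entra ID app registration scoped to that DCR.
  if "dcr" in [tags] {
    microsoft-sentinel-log-analytics-logstash-output-plugin {
      client_app_Id            => "<APP_ID>"
      client_app_secret        => "<APP_SECRET>"
      tenant_id                => "<TENANT_ID>"
      data_collection_endpoint => "https://<DCE_NAME>.<REGION>.ingest.monitor.azure.com"
      dcr_immutable_id         => "<DCR_IMMUTABLE_ID>"
      dcr_stream_name          => "Custom-Syslog_CL"
    }
  }
  # Events matching neither range reach no output; a third conditional block
  # here is where a fork to another destination (e.g. ADX) would go.
}
```

Moving a forwarder from the legacy path to DCR is then a matter of moving its address from the first `cidr` network list to the second, with no change on the sender.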
