How would you design a centralized logging pipeline that can ingest and process security events at scale for Cisco?