Scaling Up Syslog CEF Collection

1.) In the above link, there is no mention of Log A Agent which should be there in the case of Logstash-vmss's architecture. As per my understanding, the Log A output plugin takes logs from Logstash and ingests them into Log A workspace in a custom table which I suppose is neither syslog no cef format. Am I correct at this point?

the document is how to connect logstash to send custom logs.  The VMSS is to send syslog to CEF table in log a.  you can use either option, but the VMSS was very specific to get CEF logs into CEF table.

2.) Can we build such a model where the whole of Microsoft's grand list of data sources(https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-the-connectors-grand-cef-syslog...)  be ingested into sentinel in one single common format (cef/syslog not custom) using Logstash?

Yes you could.

3.) I read somewhere sentinel gives better monitoring, analytics, correlation, incident generation, etc. if data from all data sources be ingested into sentinel in cef/syslog format. There can be quality issues if every data source has its own custom data format and table in sentinel which will not allow sentinel to do better analytics on data because of the randomness of data field names. Am I correct on this point?

Correct.  CEF is a standard format so running queries is much easier when all syslog data is in the same format.  if each has its own custom log then you need to write queries for each custom source.

4.) Can sentinel perform data correlation and analytics if there are N numbers of custom tables present for different data source security appliances?

Yes but it requires a more complex query.  Hence using CEF makes it easier.