Hello.
If I like below diagram:
Winlogbeat -> Logstash -> Elasticsearch -> Kibana
Then in Winlogbeat configuration I must set both Logstash and Elasticsearch servers?
Thank you.
In that architecture you should configure Winlogbeat to output only to Logstash.
If I enabled "Elasticsearch" then what's happened?
We don't recommend have two outputs enabled.
Winlogbeat will try to send the events directly to both Logstash and Elasticsearch. It requires a direct connection to both services. If one service goes down it will completely stop reporting events until it comes back up because it wants to guarantee at least once delivery to all outputs. Starting in 6.0 it does not allow you to have both outputs enabled at the same time.
"Winlogbeat will try to send the events directly to both Logstash and Elasticsearch" !!!
"Logstash and Elasticsearch" or "Logstash or Elasticsearch" ?
Thus I must disable "Logstash" or "Elasticsearch" ?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.