I was able to successfully index WebLogic HTTP access logs into Elasticsearch through Logstash. I am now tasked to do IIS logs - I was under the impression that when I process the IIS logs the new fields will be added to the current logstash.* indexes in ES, but that was not the case.
Can anyone provide any feedback on how to tackle this problem?
Unless you've configured the elasticsearch output otherwise, all events will be sent to logstash-* indexes. How do you know the IIS logs reach Logstash in the first place?
Thank you for your quick response. I am manually processing the IIS logs.
I have processed WebLogic logs and now I want to add the IIS logs to it. When I processed IIS logs I got several errors and nothing got pushed or created on ES. I am processing old IIS logs.
For testing purposes I created a new instance of ES and processed the same logs, and everything went well.
I have retried processing IIS logs and this time I didn't get any error and they were successfully processed. Thank you Magnus for your help. This request can be closed.