Hi @jsoriano, really followed the chat. Just one thing, I have logs placed in different machine, so should I install beats there and configure it.
I have installed ELK (all three) in different machine.
So the way I should proceed is, I should install ONLY beats in machine which has logs, and the machine where ELK is there will take care of everything right?
So only beats installation to log machine is required, RIGHT?
Yest, you only need to install Filebeat on the machines where you want to collect logs from. In the machines where you are running the Elastic Stack you can also install Beats if you want to collect logs or metrics from there.
You can also use elastic-agent now to collect logs.
I am also facing one more issue.
I have logstash running at 5044 on ELK machine. I have one conf file already existing with TCP input, now I want to create one more conf file for beats input.
So should I make different conf file and place both in conf.d and restart logstash, or how?
Yes, it should be possible to use multiple configuration files, you will need to add them to the conf.d directory of your logstash configuration directory, and it seems they need a .conf extension. You would need to restart Logstash after modifying the configuration.
You can run multiple independent configurations on the same logstash instance, just need to configure pipelines.yml to point to the configuration files, check the documentation for more information on this.
You can't use the same port in different configurations, you will need to use different ports, if you are using port 5044 on tcp input, you cannot use this port on the beats input.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.