Configure Kibana on my Windows Server machine

Sameer_Panicker · March 4, 2016, 5:29am

I am new to ELK world. Read a lot of articles, installed ELK, etc. but i am confused now. Hence, want to start it fresh.

I have a requirement to setup Kibana on my Windows Server 2012 R2. I have 22 servers and i need to configure kibana to view logs from all 22 servers.

Could you please send me good article, video links on how to set up kibana on my WS 2012 machine ?

Thanks & Regards,
Sameer S Panicke

magnusbaeck · March 4, 2016, 6:43am

Have you explored everything on http://elastic.co? Apart from the documentation there are several blog posts and videos that should be helpful, depending on what's confusing you. If you can be more specific it'll be easier to help you.

Sameer_Panicker · March 5, 2016, 7:49pm

Thanks Magnus for the quick reply.

Yes, I have explored most of the documentation on elastic.co. But couldn't get what I was actually targeting for. This is what I am actually trying for -

Logs -
ProviderId : be13da43-0300-572a-6b6d-cc498885e7fd
EventId : 7
Keywords : 128
Level : Error
Message : InternalServerError
Opcode : Info
Task : 2
Version : 1
Payload : [sessionID : ec550382-2d0d-4a6d-b437-c21536874aa6] [sourceSystem : 32] [request : {"request"}] [response : {"response"}]
EventName : ResponseInfo
Timestamp : 2016-03-04T14:42:55.9813845Z
ProcessId : 19044
ThreadId : 9224

Above is the same log which gets generated on my servers. I wanted configure kibana in such a way that I should be able to search by sessionID: ec550382-2d0d-4a6d-b437-c21536874aa6.

I need to know where exactly I can specify my log path in kibana settings and search for the above log

warkolm · March 5, 2016, 9:02pm

Kibana can only show what is in Elasticsearch, so you need to take the data from the logs and then load that in to ES.
You should look at Winlogbeat for that.

Sameer_Panicker · March 5, 2016, 11:39pm

This looks like it searches for logs under Windows Event Log Files. Is my understanding correct here or it can used to search for logs under any path. e.g. ServerName\ServiceLogs...txt

warkolm · March 5, 2016, 11:45pm

Ok, check Filebeat then

Sameer_Panicker · March 8, 2016, 4:44am

Hey Mark,

Can I just work with Kibana and Elastic Search? Do I need logstash ?

I dont have any sort of customization as of now, just to retrieve logs based on ID/TimeStamp. Hence, just wanted to know whether my req. can be fulfilled without logstash.

magnusbaeck · March 8, 2016, 6:36am

Can I just work with Kibana and Elastic Search? Do I need logstash ?

Logstash doesn't do anything magic and isn't a required component. Whether you will need Logstash is impossible for us to tell.