All,
I'm getting closer to a well-working ELK. However, I'm seeing duplicate log entries for everything (Windows eventlog, Linux syslog) which, of course, isn't good. What's causing this behavior, and how can I fix it? I'll provide whatever config files are appropriate.
Diggy
Yes, configuration files would be helpful. Please check exactly which files you have in the configuration file directory (typically /etc/logstash/conf.d). Logstash will read all files it finds. If you list an elasticsearch output in two places you're going to duplicate all messages.
Magnus,
Indeed, it was that output was in two places. Remediating that also forced me to consolidate my configuration files, making everything much cleaner.
Thanks, again, for helping out with my lame newbie question.
Diggy
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.