Hi guys, Im trying to ship my application events to my elasticsearch platform.
My app and elk are running on different servers (ping reachable).
I already have the php library working on a little example script taken from
https://www.elastic.co/guide/en/ecs-logging/php/current/setup.html
After execution it echoes:
{"@timestamp":"2021-02-21T20:59:23.316323+00:00","log.level":"WARNING","message":"Be aware that...","ecs.version":"1.2.0","log":{"logger":"MyLogger"}}
In order to ship this line to my elk server, have following thoughts:
1_ Using elasticsearch api:
a ) Where should I define elasticsearch api url ?
b) Where should I define the index ?
2_ Using filebeat , (this is what I understand is needed)
a) Write logs lines to some file.
b) I install filebeat on my application server.
c) Config application log file path and provide filebeat reading permission.
d) Config filebeat parser to read my log lines.
e) Config kibana and elasticsearch api urls.
and .... filebeat will automagically create the index in elasticsearch and visualization in kibana?
I preffer option 1 .. it seems easier.
btw : Please provide more examples or complete documentation for php login library.
I can not find nothing to follow.
Regards.
