Hi there,
I've deployed sebp/elk (https://hub.docker.com/r/sebp/elk/) in a 3 node swarm. It comes up fine. If I point winlogbeat to Elasticsearch, it works fine. However, I find that if I set Logstash as the target for winlogbeat, then it seems like the containers and their IDs are different every time the swarm is restarted and winlogbeat generates errors about not being to contact logstash. This obviously makes it impossible to set any Logstash conf files
Am I misunderstanding how it works?
winlogbeat -> Logstash (in ELK Swarm) -> Elasticsearch (same swarm) (no good)
winlogbeat -> Elasticsearch (in same ELK Swarm) ok
Do I need to use docker compose with swarm?
Thanks
Stinkfly