Scenario:
1.ELK is already placed and currently getting three different log files as input from three different server .
2.Now as my system is in place already ,if I want to add log file from fourth server on the fly.
Question?
1.Is it possible to add new log file as input from different server on the fly?
2.If Yes ,then how to achieve this .
Please help....
Is there any reason you have posted this in the LSF category?
What, exactly, does "on the fly" mean in this context?
Without restarting Elasticsearch? Yes.
Without restarting Kibana? Yes.
Without restarting Logstash? Probably not, but it depends on what your configuration looks like.
On the fly means that all servers(logstash,kibana,elasticsearch) are up and running.
For third point ,my configuration have Logstash on server 1 and kibana & elastic on another server i.e server 2.
With given configuration ,do we need to restart logstash(Elastic and Kibana i need not to restart as per your last comment) to add new logs file from server 3.
How are the events from the various servers reaching the Logstash instance on server 1? In other words, what inputs do you have?
Please edit your original post and move it to the Logstash category. It has nothing to do with logstash-forwarder.
I have moved this thread to Logstash. We are using Filebeat for input.
Input files: IIS Logs ,Application Logs & Perfmon Csv file.
Then you don't need to restart Logstash to pick up additional files (unless you need to change the filter configuration to support those files), but you may have to restart Filebeat on the machine(s) where you've changed the input configuration.
Thanks! Magnus 
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.