Hi, I'm currently working with Filebeat and I would like to know if there is a way Filebeat gets logs from 1 remote Windows server, then if the server is down it will get logs automatically from a different server. I don't know if I am making any sense, but any help would be very much appreciated because I was trying to incorporate high availability on Filebeat so that there is no downtime on sending data to Elasticsearch. Thank you very much.
@grazia0912 welcome to discuss
What kind of logs are you interested in collecting from the Windows server?
If they are Windows Events, take a look at Winlogbeat: Winlogbeat Overview | Winlogbeat Reference [7.11] | Elastic
If you can install Winlogbeat on your server, you can directly send its events to Elasticsearch. If not, you can use Windows Event Forwarding to send the events to another server where Winlogbeat can collect these logs.
Hi @jsoriano, thank you for your response. My Filebeat is collecting only from a .log file generated by my Windows service.
Then Filebeat is already sending the logs as soon as they are collected. There is little else it can do if the server goes down.
Are you expecting logs to be sent "faster" in case the server goes down?
Perhaps I am not understanding the problem.