I have been using ELK for a few days now and I have a question that I cannot solve. I will try to explain it so that you can better understand:
I schematize:
I have a switch, configured to send its syslog logs to 192.168.10.10.
On this 192.168.10.10 server, Elastic and Logstash are running quietly, the index (IND1) is created when I receive the data.
I have another switch, configured to send its syslog logs to 192.168.10.20.
On this 192.168.10.20 server, Elastic and Logstash are also running quietly, the index (IND2) is created when I receive the data.
What I would like to do is visualize using Kibana on my 192.168.10.20 server the index of the first switch and the index of the second switch.
192.168.10.20 (Kibana) recovers IND1 of 192.168.10.10 and IND2 of 192.168.10.20
In the pipeline of my server 192.168.10.10 I use the index name: "logstashfpe1"
In the pipeline of my server 192.168.10.20 I use the index name: "logstashfpe2"
And I would like to visualize these two indices in only one Kibana.
I just made a small drawing to facilitate understanding:
Ideally you want a single cluster and both Logstash instances send to that cluster.
Then you can put the different logs into one shared index, or different ones.
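The single-cluster layout suggested in the reply, as an added configuration sketch that is not part of the original thread: only the `output` sections of the two Logstash pipelines are shown, using the index names from the question. It assumes the shared Elasticsearch node is the one on 192.168.10.20, listening on the default HTTP port 9200, and that the existing `input` and `filter` sections stay unchanged.

```conf
# --- Pipeline file on 192.168.10.10 (receives syslog from switch 1) ---
output {
  elasticsearch {
    # Ship events to the shared node on 192.168.10.20 instead of the local one.
    # Assumption: port 9200 is reachable from 192.168.10.10.
    hosts => ["http://192.168.10.20:9200"]
    index => "logstashfpe1"
  }
}

# --- Pipeline file on 192.168.10.20 (receives syslog from switch 2) ---
output {
  elasticsearch {
    # Same node, addressed locally; a separate index keeps the switches apart.
    hosts => ["http://localhost:9200"]
    index => "logstashfpe2"
  }
}
```

With both indices in the same cluster, a Kibana index pattern of `logstashfpe*` on 192.168.10.20 matches both. For the first pipeline to connect, Elasticsearch on 192.168.10.20 has to be bound to an address that 192.168.10.10 can reach (`network.host` in `elasticsearch.yml`).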