I am trying to learn the Elastic stack at home with a few different systems. What I am ultimately trying to monitor logs for is the following:
- Disk stats (smartmontools)
- Docker (nginx, plex, etc - but not in a swarm/cluster/kubernetes)
- Windows logs
I set up a trial of the Elasticsearch Docker container (I used 7.7.1 at the time). I was initially trying to use Beats management, but it worked on one machine and then stopped working for all other machines. Since then, I have tried using individual configuration files for logbeat, filebeat, winlogbeat, osquery, etc. Whenever I ran tests on the client to see if it could connect successfully, it said it was successful, but no data was actually being imported into Elasticsearch (at least not that I could see from the web UI).
I was wondering what I need to do to get the log files I am trying to monitor into Elasticsearch. Ultimately I want to use ELK mainly as a centralized log search tool - and maybe Splunk OpenSource or some other tool is better suited for this, but I wanted to give this a shot first.