Hi,
First of all, I'm not sure if this is the right place to post this, but I'll give it a shot.
I have several Windows servers running Filebeat sending IIS logs to Logstash. I need some way to differentiate between them to be able to tell which server sent which log, so that at some later time in Kibana I can view data from "all logs from server X". What's a good solution to this?
An example would be greatly appreciated.
Logstash configuration:
# Receive events from Filebeat
input {
  beats {
    port => 5044
  }
}
# Parse each IIS log line into named fields
filter {
  grok {
    match => ["message", "%{TIMESTAMP_ISO8601:log_timestamp} %{IP:serverIP} %{WORD:method} %{URIPATH:uriStem} %{NOTSPACE:uriQuery} %{NUMBER:port} %{NOTSPACE:username} %{IPORHOST:clientIP} %{NOTSPACE:userAgent} %{NOTSPACE:referer} %{NUMBER:response} %{NUMBER:subresponse} %{NUMBER:win32response} %{NUMBER:timetaken}"]
  }
}
# Write to a daily index named after the beat and its version
output {
  elasticsearch {
    hosts => ["http://X.X.X.X:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
Best regards
Rasmus Gärdekrans