I currently have a Logstash server, Elasticsearch server, and Kibana server. I am able to send Logstash local data using stdin from LS to my ES instance and I can interact with Kibana, but now I am trying to use a Windows Server 2012 R2 machine to send a log file to the Logstash indexer.
Do I need logstash-forwarder (as a shipper)?
Do I need Redis (a broker)?
What would my logstash config file look like?
You'll have to decide how to transport the messages off of the machine. As mentioned you could indeed have Logstash ship the messages to a Redis broker (using the redis output) and you'd have your central Logstash instance use a redis input to pull those messages.
You could also use the lumberjack protocol to ship the messages directly to the central Logstash instance. Then you'd use a lumberjack output on the Windows box and a lumberjack input on your central instance. The infrastructure for this is slightly less complicated and you could easily replace Logstash on the Windows machine with logstash-forwarder since it supports the lumberjack protocol (and only that protocol).
So I have downloaded and tried to install logstash-forwarder on my server 2012 box, but nothing seems to happen and I check processes and I don't see it running...
What should happen when trying to install logstash-forwarder on a Windows Server machine?
What would you suggest to run the LSF .exe? I was just trying to double click it...
Please read the documentation. The second line of the Configuring section shows you how to start LSF and a couple of lines down there's a configuration file example.
setting trusted CA from file: /etc/pki/tls/certs/logstash-forwarder.crt
Failure reading CA certificate: open /etc/pki/tls/certs/logstash-forwarder.crt: The system cannot find the path specified.
The documentation contains an example of how you can create key and certificate files using OpenSSL. You can get that program from the Cygwin distribution and there are possibly other Windows ports of OpenSSL. I'm sure there are other native Windows programs for generating X.509 certificates. It's a standardized format.
I have the following LSF config. I am getting a Failed message because it can't "open /certs/lsfcert.crt: the system cannot find the path specified".
I am not sure how to specify the file path. The LSF.exe and LSF.conf are in the same directory and the SSL folder is in the same directory as well.
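How Windows resolves a certificate path like the one in the error above, as an added example that is not part of the original thread. The config content, the server name and the `C:\lsf` working directory are constructed assumptions; `ssl ca` is the key from logstash-forwarder's documented config format.

```python
import json
import ntpath  # Windows path rules, usable on any OS

# Constructed sample config; server name and file layout are assumptions.
SAMPLE_CONFIG = r'''
{
  "network": {
    "servers": ["logstash.example.local:5043"],
    "ssl ca": "/certs/lsfcert.crt"
  },
  "files": [{"paths": ["C:/logs/app.log"], "fields": {"type": "applog"}}]
}
'''

TLS_KEYS = ("ssl ca", "ssl certificate", "ssl key")


def classify(path):
    """Return how Windows interprets a path: absolute, drive-rooted or relative."""
    drive, rest = ntpath.splitdrive(path)
    rooted = rest.startswith(("/", "\\"))
    if drive and rooted:
        return "absolute"
    if rooted:
        # A leading slash with no drive letter means the root of the current
        # drive, not the directory that holds the .exe or the config file.
        return "drive-rooted"
    # Resolved against the process working directory (includes "C:name" forms).
    return "relative"


def resolve_tls_paths(config_text, cwd):
    """Map each TLS file setting to (kind, path Windows would actually open)."""
    network = json.loads(config_text).get("network", {})
    result = {}
    for key in TLS_KEYS:
        if key in network:
            raw = network[key]
            full = ntpath.normpath(ntpath.join(cwd, raw))
            result[key] = (classify(raw), full)
    return result


if __name__ == "__main__":
    for key, (kind, full) in resolve_tls_paths(SAMPLE_CONFIG, r"C:\lsf").items():
        print(f"{key}: {kind} -> {full}")
```

The working directory is the directory the process was started from, which is not necessarily the directory containing the executable.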
Yes, except that I don't think you have ES running on port 5601. That's the Kibana port. By default ES's HTTP interface runs on port 9200. However, by default the elasticsearch output doesn't use HTTP so you'd have to specify port 9300. I suggest you just drop the port altogether. As long as you stick to the defaults you don't have to specify it explicitly.