First of all, I am using version 6.3.2 for all the Beats and the ELK Stack.
I have ELK set up on CentOS 7 and the node is Windows Server 2012 R2. I was able to filter IIS logs by using the filter below.
The issue is that I have a path containing custom logs. I also have a grok pattern for it, but IDK how to add that filter to the existing filter above.
In the filebeat.yml I have added the path of the log, but it uses the pattern of the IIS.
ANY HELP!
PS. I have not used the IIS module because it does not work with IIS 8.5.
Alternatively, you could extend the existing pipeline of the IIS module of Filebeat. You need to edit module/iis/access/ingest/default.json or module/iis/error/ingest/default.json depending on which fileset you need. A new pattern can be added to the list of processors/grok/patterns, so the Ingest node can match your logs. But this requires you to forward events to Elasticsearch.
Feel free to open a pull request on GitHub with the pattern. It would be appreciated if you contributed it for IIS 8.5.
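As an added illustration of the reply's suggestion (not code from the thread or from the Filebeat module): a request body for `POST _ingest/pipeline/_simulate` that tests one grok processor carrying two patterns before any module file is edited. Both patterns, the `custom.*` field names and the two sample lines are constructed; the first pattern is a simplified stand-in for the module's IIS pattern, not a copy of it.

```json
{
  "pipeline": {
    "description": "Constructed example: one grok processor, IIS-like pattern plus a custom-log pattern",
    "processors": [
      {
        "grok": {
          "field": "message",
          "patterns": [
            "%{TIMESTAMP_ISO8601:iis.access.time} %{IP:iis.access.server_ip} %{WORD:iis.access.method} %{URIPATH:iis.access.url} %{NUMBER:iis.access.response_code}",
            "%{TIMESTAMP_ISO8601:custom.time} \\[%{LOGLEVEL:custom.level}\\] %{GREEDYDATA:custom.message}"
          ]
        }
      }
    ]
  },
  "docs": [
    { "_source": { "message": "2018-08-01 10:15:32 10.0.0.5 GET /index.html 200" } },
    { "_source": { "message": "2018-08-01 10:15:33 [ERROR] payment service timeout" } }
  ]
}
```

The processor tries the patterns in order and keeps the first match, so a pattern ending in `GREEDYDATA` belongs after the more specific ones; a line that matches none of them makes the processor fail, which shows up in the simulate response as an error for that document.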