I set up ELK in centos server and use beats as a log colector.
this is my network :
centos 7 : instaled ELK with ip (ex: 192.168.1.10)
windows server 2012 r2 : instaled Web server (iis server) with ip (192.168.2.10)
windows server 2012 r2: instaled sql server 2014 with ip (192.168.3.10)

i want to use logstash as a output for all beats ..
firts i setup winlogbeat,
this is my setup up :

my logstash config :
output.logstash:
hosts: ["192.168.1.10:5044"]
my ilm setup :
setup.ilm.enabled: auto
setup.ilm.rollover_alias: "winlogbeat"
setup.ilm.pattern: "{now/d}-000001"
setup.ilm.policy_name: "winlogbeat_policy"

after that i run use this :
.\winlogbeat.exe setup -E output.logstash.enabled=false -E output.elasticsearch.hosts=['192.168.1.10:9200'] -E setup.kibana.host=192.168.1.10:5601

===================================
all good work , BUT after 5-6 ahour leter IN elasticsearch , i get some error

image1086×501 43.9 KB

thanks for help

Set up ELK in centos server and use beats as a log colector.

this is my network :
centos 7 : instaled ELK with ip (ex: 192.168.1.10)
windows server 2012 r2 : instaled Web server (iis server) with ip (192.168.2.10)
windows server 2012 r2: instaled sql server 2014 with ip (192.168.3.10)

i want to use logstash as a output for all beats ..

firts i setup winlogbeat,
this is my setup up :
my logstash config :

• output.logstash:
  hosts: ["192.168.1.10:5044"]
  my ilm setup :
  setup.ilm.enabled: auto
  setup.ilm.rollover_alias: "winlogbeat"
  setup.ilm.pattern: "{now/d}-000001"
  setup.ilm.policy_name: "winlogbeat_policy"

after that i run use this :

.\winlogbeat.exe setup -E output.logstash.enabled=false -E output.elasticsearch.hosts=['192.168.1.10:9200'] -E setup.kibana.host=192.168.1.10:5601

all good work , BUT after 5-6 ahour leter IN elasticsearch , i get some error

image1123×475 40.6 KB

i check ilm and get the result error

image1315×528 46.8 KB

thanks for help

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.