I'm new to ELK. My setup is: I have a dedicated server for ELK, and I have two servers from which I will get the logs, which are Windows event logs. Here are my questions:
Do I need to install a log shipper on each of my 2 servers (the source of the logs)? Which log shipper is the best?
What really happens when logs are shipped to ELK? Are the logs copied to the ELK server making it the central repository of logs?
Since Windows logs are archived when they reach a certain file size, is ELK able to read archived Windows event logs?