Logstash output file - storage capacity

Hi Team,
We are planning to gather IIS logs using the ELK stack. We will be using Filebeat to get the IIS logs to the Elasticsearch server (this will also be the Kibana server). Does Logstash send the complete log file to Elasticsearch? We are confused about the disk size (storage capacity) for this server - we have daily IIS log files aggregating to a size of 40GB from across multiple web servers. Please advise.
Thanks.

Does Logstash send the complete log file to Elasticsearch?

That depends on how you configure Logstash.

We are confused about the disk size (storage capacity) for this server - we have daily IIS log files aggregating to a size of 40GB from across multiple web servers.

The disk space requirements depend on what you do with the logs. Which fields will you be extracting, for example? Will you enrich the log events in any way? Which version of Elasticsearch? To get a reasonably exact approximation you'll probably have to ingest a decently sized chunk of test data and see how much space it occupies.

Where do I see the configuration setting? The purpose is to aggregate complete IIS log files to view the live logs in Kibana. The logs should be retained for 15 days on the ES server and then discarded/moved to a backup server.

Where do I see the configuration setting?

In your Logstash pipeline configuration files.
