I have installed ELK 6.4.0 in a Windows environment; I configured winlogbeat for Windows logs and it works fine.
Now I'd like to collect Exchange logs, so I have used filebeat, but it is a little bit difficult to search some data because all data are in one field, message. I found something like this http://robwillis.info/2017/05/elk-5-setting-up-a-grok-filter-for-iis-logs/ and I'd like to do the same with Exchange logs. Is it possible, and if yes, how do I do this?
Are you sending your data to logstash or to elasticsearch directly? If the latter, you could take a look at the ingest node functionality of Elasticsearch.
I am sending my data to elasticsearch directly. I opened the link that you mentioned and am trying to understand how to use it.
In what file do I configure / define a pipeline and processors?
Could you give an example of how to do this?
It's not a file, but rather an API call. The documentation includes a few examples. You might be interested in the grok processor in particular.
Also, in order to easily debug things, I suggest you take a look at the Simulate Pipeline API.
If you have further questions, please provide your full pipeline or better yet the full simulate pipeline API call.
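As an added example (not from the thread), here are the two API bodies the reply above refers to, built in Python: a pipeline with a grok processor for a constructed line in Exchange message tracking log format, a Simulate Pipeline request for it, and an offline check of the field split. The pipeline name, the Elasticsearch URL and the log layout are assumptions.

```python
import json
import re
import urllib.request

# Constructed sample line. The layout assumed here is the comma-separated
# message tracking log (MSGTRK*.LOG); adjust the pattern for other Exchange logs.
SAMPLE_LINE = (
    "2018-09-10T08:15:32.123Z,10.0.0.5,mail01.example.local,10.0.0.6,"
    "mail02.example.local,08D6156B7A2C1F3A;2018-09-10T08:15:32.000Z;0,"
    "Default MAIL02,SMTP,RECEIVE,12345,<msg1@example.local>,alice@example.local"
)
PIPELINE_ID = "exchange-tracking"  # hypothetical pipeline name

# Grok pattern for the leading fields; everything after event-id stays in `rest`.
# DATA (rather than IP/HOSTNAME) is used for fields Exchange sometimes leaves empty.
GROK_PATTERN = (
    "%{TIMESTAMP_ISO8601:timestamp},%{DATA:client_ip},%{DATA:client_hostname},"
    "%{DATA:server_ip},%{DATA:server_hostname},%{DATA:source_context},"
    "%{DATA:connector_id},%{WORD:source},%{WORD:event_id},%{GREEDYDATA:rest}"
)

def build_pipeline():
    """Body for PUT /_ingest/pipeline/<id>: grok, then date, then drop the raw line."""
    return {"description": "Split Exchange message tracking lines into fields",
            "processors": [
                {"grok": {"field": "message", "patterns": [GROK_PATTERN]}},
                {"date": {"field": "timestamp", "formats": ["ISO8601"],
                          "target_field": "@timestamp"}},
                {"remove": {"field": "message"}}]}

def build_simulate_body(lines):
    """Body for POST /_ingest/pipeline/_simulate: runs the pipeline without indexing."""
    return {"pipeline": build_pipeline(),
            "docs": [{"_source": {"message": line}} for line in lines]}

# Plain-regex twin of GROK_PATTERN so the expected field split can be checked offline.
LINE_RE = re.compile(
    r"^(?P<timestamp>[^,]+),(?P<client_ip>[^,]*),(?P<client_hostname>[^,]*),"
    r"(?P<server_ip>[^,]*),(?P<server_hostname>[^,]*),(?P<source_context>[^,]*),"
    r"(?P<connector_id>[^,]*),(?P<source>\w+),(?P<event_id>\w+),(?P<rest>.*)$")

def parse_line(line):
    """Fields the grok processor should produce for `line`, or None if it would fail."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def send(base_url, path, body, method):
    req = urllib.request.Request(base_url + path, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"}, method=method)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

if __name__ == "__main__":
    es = "http://localhost:9200"  # assumed Elasticsearch address
    print(json.dumps(send(es, "/_ingest/pipeline/_simulate",
                          build_simulate_body([SAMPLE_LINE]), "POST"), indent=2))
    send(es, "/_ingest/pipeline/" + PIPELINE_ID, build_pipeline(), "PUT")
```

Once the pipeline exists, set `output.elasticsearch.pipeline: exchange-tracking` in filebeat.yml so the lines Filebeat ships pass through it before being indexed.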
That is the problem: I don't understand how to use that API. I'm not a programmer; I'd prefer to configure a file with a filter that "decomposes" the log file from Exchange to be more readable.
I have read about the grok processor and it could be a solution for my data.
What should I do if I'd like to send data to logstash?