Need help configuring Logstash on a Windows box

I am new to this. Can you guide me on how to capture the data from /var/log/messages based on some keywords? I want to see the messages on a dashboard or send an email.


  1. Need to read /var/log/messages for keywords like 'restart'/'event'
  2. Capture the data around that message (5 lines above and 5 lines below)
  3. Captured data needs to be written into a log file with a timestamp
  4. That file needs to be sent by mail

Could you please help me with this basic code? I will enhance it based on my requirements.

What do you have at the moment?

Hi Mark,

I have installed Elasticsearch, Logstash and Kibana. All the services are up and running.

I am able to open the Kibana service in my browser.

But I want to configure my local database system and capture the data from /var/log/messages based on some keywords.


There is no /var/log/messages on Windows though?

/var/log/messages is a path on the database machine; from there we can collect the information.

I want to collect these messages on a dashboard using Logstash, Kibana and Elasticsearch.

Could you please help me with how I can perform these tasks as I mentioned above?


Then you need something like Filebeat to send that to an LS instance on your Windows machine.
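
A Logstash pipeline for the Windows side of the setup suggested above, as an added example that is not from any participant in this thread. It assumes Filebeat on the database machine ships every line of /var/log/messages unfiltered; the port, Elasticsearch address, index name, tag name and output path are all placeholders chosen for illustration.

```logstash
# Added example; every port, host, index, tag and path below is an assumed placeholder.
input {
  # Receive events from Filebeat running on the database machine.
  beats {
    port => 5044
  }
}

filter {
  # Tag lines containing either keyword; all other lines still pass through untagged.
  if [message] =~ /restart|event/ {
    mutate {
      add_tag => ["keyword_hit"]
    }
  }
}

output {
  # Index every line so the lines before and after a hit stay available in Kibana.
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "db-messages-%{+YYYY.MM.dd}"
    # Add the authentication and TLS settings your cluster requires.
  }

  # Write only the tagged lines to a dated file, each prefixed with the event's
  # @timestamp (the time Filebeat read the line, not the time in the syslog text).
  if "keyword_hit" in [tags] {
    file {
      path => "C:/logstash/output/keyword-hits-%{+YYYY-MM-dd}.log"
      codec => line { format => "%{@timestamp} %{message}" }
    }
  }
}
```

The keyword match is a case-sensitive substring match, so 'event' also matches 'events' but not 'Event'. Filtering at the source instead would drop the surrounding lines before they reach Elasticsearch, which is why this sketch tags hits rather than discarding non-matching lines.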