I have an Elasticsearch server which has had data shipped to it by Logstash. This data is just a dump of a server's Windows logs. I've been using it to test the basic setup of ELK.
Now I'd like to move to something closer to production.
I'd like to stop shipping my Windows logs (which is fine, I know to edit the Winlogbeat config).
Delete data in my ES index (and any data on disk) and populate it with my new data.
I understand that I'll need to stop Elasticsearch first.
I've deleted my index (It was WinLogbeat not Logstash per previous reply) and now I am really stuck.
What I want to do is send the contents of the Windows log "ForwardedEvents" to Logstash -> Elasticsearch.
But I can't seem to recreate the index.
When I launch Kibana it says I have to set up the index again (as though it's a first-time install). I've tried typing winlogbeat-* and logstash-*, but the "Next" button is greyed out and it's not picking up data.
All that's changed:
On Kibana in the console typed delete winlogbeat-*
On Winlogbeat: stop service. Comment out default Windows logs.
Add line -name: ForwardedEvents
Restart Winlogbeat.
But nothing has happened.
Aside from the delete and modification of the winlogbeat.yml nothing has changed.
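For reference, a minimal winlogbeat.yml for the setup described above (Winlogbeat reading ForwardedEvents and sending to Logstash). This is an added example, not the poster's file; the Logstash hostname and port are assumptions.

```yaml
# winlogbeat.yml (added example, not from the original post)
# The event_logs entry must be a YAML list item: "- name:" with a space
# after the dash. "-name: ForwardedEvents" is parsed as a key named
# "-name", so Winlogbeat would not read the channel at all.
winlogbeat.event_logs:
  - name: ForwardedEvents
    # ForwardedEvents holds events collected from other hosts via the
    # Windows Event Collector; Winlogbeat defaults this to true for that
    # channel, set explicitly here for clarity.
    forwarded: true
    # Optional: skip the backlog already in the channel on first start.
    ignore_older: 72h

# Ship to Logstash rather than directly to Elasticsearch.
# Which index name shows up in Elasticsearch (winlogbeat-* or logstash-*)
# is decided by the "index" setting of the Logstash elasticsearch output,
# not by Winlogbeat, so check that pipeline before picking the Kibana pattern.
output.logstash:
  hosts: ["logstash.example.internal:5044"]   # assumed host and port

# Winlogbeat keeps its read position in a registry file (.winlogbeat.yml in
# its data directory); delete it if you want a clean re-read after changes.
```

After restarting the service, GET _cat/indices/winlogbeat-*?v (or logstash-*) in the Kibana console should list a new daily index; Kibana's index-pattern page only enables "Next" once at least one matching index exists. If nothing appears, the Winlogbeat log file will show whether the channel was read and whether the Logstash output connected.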