HI,

can you please help me on how to read log file on different Linux box, i have ELK and Filebeat installed on one Linux box i am trying to read log file from different Linux box.

Here is my Filebeat config file: (Here \alvdapp005 is the different Linux box where i have log file, but i was not able to connect to that box and read file)

filebeat.prospectors:

Below are the prospector specific configurations.

• input_type: log

  Paths that should be crawled and fetched. Glob based paths.

  paths:
  - \alvdapp005\dev\erl\ELK_TEST*.log

Two options:

• Use a network file system like NFS to share the file system on alvdapp005 so it can be mounted on the machine where you have the Elastic stack. Not recommended.
• Install Filebeat on alvdapp005 and use it to ship the logs to the box with the Elastic stack.

Thanks for reply magnusbaeck,

we tried to install filebeat on alvdapp005 which is RHEL 5, but we are getting some issues with RHEL 5 and Filebeat, while i was reading on internet also RHEL5 has some compatibility issues with Filebeat, can you please help me how to solve this issue.

My IT team wants to install Filebeat instead of NFS.

Apart from upgrading from the ancient RHEL 5 you'll probably have to look into other options like running Logstash, syslog, or fluentd to ship the logs instead of Filebeat.

Hi Magnusbaeck,

Instead of Filebeat can i use Logstash on RHEL5 to send logs to different RHEL5 machine where i have ELK stack installed? is it possible to do?

I don't remember if Logstash works on RHEL 5, but if it does you can certainly use it to read files and ship to another Logstash instance (or directly to ES).

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.