Winlogbeat forward

Hi, is it possible to send Winlogbeat to Logstash and then have Logstash send via TCP or syslog to another Logstash?

Winlogbeat --> Logstash -tcp/syslog-> Logstash --> Elasticsearch

regards
Felix

Yes, it is possible, you can see in the documentation how to connect the two logstash instances. But take into account that tcp output to tcp input logstash communication doesn't provide any guarantee and there can be data loss.

Thanks jsoriano. But does lumberjack provide this guarantee?

Yes, lumberjack can be safer for your case. Also, if it fits in your architecture, you can consider introducing a queue between both Logstash instances.

Just curious, why do you have two chained logstash instances?
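The lumberjack hop suggested above, sketched as an added example that is not part of the original thread: the upstream Logstash uses the `lumberjack` output and the downstream Logstash receives it with the `beats` input. Hostnames, ports and certificate paths are assumptions to replace with your own.

```logstash
# ---- Upstream Logstash: receives Winlogbeat, forwards over lumberjack ----
input {
  beats {
    port => 5044          # Winlogbeat's output.logstash points here
  }
}

output {
  lumberjack {
    hosts => ["downstream.example.internal"]   # assumed hostname
    port  => 5000                              # assumed port
    # Certificate the downstream presents; required by this output,
    # so the hop is always TLS-protected. Assumed path.
    ssl_certificate => "/etc/logstash/certs/downstream.crt"
    codec => json         # keep event fields intact across the hop
  }
}

# ---- Downstream Logstash: receives lumberjack, indexes into Elasticsearch ----
input {
  beats {
    port  => 5000
    codec => json
    # Newer releases of the beats input name this option ssl_enabled;
    # check the option name for your plugin version.
    ssl   => true
    ssl_certificate => "/etc/logstash/certs/downstream.crt"   # assumed path
    ssl_key         => "/etc/logstash/certs/downstream.key"   # assumed path
  }
}

output {
  elasticsearch {
    hosts => ["https://elasticsearch.example.internal:9200"]  # assumed URL
  }
}
```

The two halves belong in the pipeline configuration of the respective instance, not in one file. Restrict the downstream port at the firewall to the upstream host, since the listener accepts events from any client that can reach it unless client certificate verification is also configured.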

> Just curious, why do you have two chained logstash instances?
Because of the network architecture.
