Hi all,
I installed graylog (server 1). I want to send logs from a different server (server 2) to the graylog server useing filebeat. Both servers use ubuntu.
In graylog i created a Log Collector with the correct port and a beats input also with the correct port.
On server 2 I installed sidecar and filebeat. See filebeat file screenshots.
I can’t see anything wrong about this configuration.
Hope you guys can help. Thanks in advance.
Sorry I can only paste 1 attachment at a time.
Sidecar is tricky to use because the editor uses YML files. One wrong space and you will get an error.
Look into your sidecar and see if the sidecar config is running with a machine.
If not maybe you missed to attach the sidecar config to a specific machine
or it is something else.
If you sending logs from a different machine to Graylog, the Input has to be global with the right Graylog IP. I think you use a 0.0.0.0. That only works to collect logs on a local machine.
Hello && welcome @Joep
I believe Graylog Sidecar is a wrapper for filebeat , so if you installed Graylog sidecar it comes with filebeat already, all the configurations are done through the Web UI.
I see in this screen shot you did configure filebeat, from there it gets attached to the node ( server2) on the Web interface. Once you setup GL Sidecar you should see the status of server 2 “Running”,
Under Administration tab is where you attach the File beat configuration.
Thanks for the help!
I fixed the problem.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
