Hi,
I’m new of Graylog (I’m using v2.2.3).
I have this scenario where I need to recover 2 different log (csv and aux) file that comes from 2 different machine.
How many filebeats I need to create? I created 2 input that are listening on 2 different port (5044 and 5045)
Then the relative configurations.
I can see on System->Collectors two entry (correclty).
What I cannot see is the message in the Streams. I seems that just the first is working.
Is my configuration correct?
Can somebody help me to understand this situation?
you should have one collector-sidecar on every server that you want to be able to get files from. Those can all use the same input at your Graylog server.
Hi @jan,
thanks for your answer.
In my scenario I have 2 collector-sidecar as I have 2 server that I want to get file from.
The first generate a csv file, the second an aux one.
So are you suggesting me to create one input for 2 (or more) different server?
Ok it makes sense.
But when you define a input, you can add static fields. With different inputs, for example, I can add different field values (i.e. COUNTRY that depends from the server where the file is read).
Do you think is the same if I move this static fields from input to collector input configuration?
So to implement your suggestion, only for my understanding, the 2 sidecar need to have, in the filebeat.yml, the same output logstash hosts, isn’t it?
sidecar is only one agent that controls filebeat. filebeat is what you can configure in the graylog web interface. you can have as many files as you like that are send over to graylog. every file (input) can has their very own static fields defined in the collector sidecar input configuration.
