Looking for some help. It just may be my lack of understanding of how Graylog works and what is needed.
Summary - How do I configure Graylog to read non-syslog type logs? We have home-grown applications running on a Linux system (Redhat 7.4) that produce logs. The format and methodology for creation of these logs were defined in-house a long time ago and don’t meet any current format standards. I can’t seem to get Graylog to read/input these logs. I’ve been able to follow the Graylog “tutorial” and get Syslogs to show up, but not our application-specific logs.
Background - I’m running VMs running RHL 7.4. I’m using Graylog 2.4.3, ElasticSearch 5.6.8 and Filebeat 6.2.3. I did not download any of the side-car collectors.
ElasticSearch (5.6.8) is running fine, and I can see the “harvester” running in the Filebeat logs. I’ve tried following the same steps as for Syslogs to create inputs for our custom logs, but selected “Beats”, and nothing shows up: no messages, input stream, etc. Is this an issue because I’m using Filebeat Version 6 and Graylog is not compatible with Filebeat version 6.x (same incompatibility with ElasticSearch 6)? Do I need to install a previous version of Filebeat?
Or do I need a side-car collector for custom logs? Please let me know if I’ve not provided enough/adequate information.