HI Team,
I am looking for an option by which I can send logs from my Windows machine running Filebeat to my Graylog server running on different Linux machine. I had came across many options can you suggest which will be better option for future, if I grow with more number of Windows machine running Filebeat.
I had setup Filebeat with some initial configurations and created input GELF TCP on Graylog.
Kindly help me in providing right track.
if you run filebeat, you need a beats input on Graylog to receive the messages.
Hi Jan,
Can you share the steps for direct Filebeat to Graylog setup (with some screenshots)?
And meanwhile I had setup the Graylog Sidecar on Windows machine and made the necessary configuration on Graylog as per link “https://docs.graylog.org/en/3.0/pages/sidecar.html#sidecar-step-by-step”, where configuration is using winlogbeat but I am not any data on Graylog and seeing this error in winlogbeat log file.
What are your Log Collector (winlogbeat) settings? Asking because I didn’t see it…Also, under sidecar Administration, is the the configuration applied? It is interesting that in your sidecars overview the machine is called “graylog-sidecar” - the hostname should be there… Once it is connected the Graylog server will push the configuration down to the client into c:\program files\Graylog\sidecar\generated\winlogbeat.conf and you will also see winlogbeat.yml and meta.json in C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
Here are some snaps from my config other than the ones you have posted…
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
