I am new to Graylog and trying to setup apache access logs and error logs. I have used ELK stack once where it go like Beats>Logstash(do some formatting of log using gork) > elasticsearch (update template to consider responsecode and responsetime as number)> Kibana
In Graylog what would you suggest the best approach to ship logs and format the logs. I see there is an extractor option avilable.
So if i send the logs from beats directly to graylog, would it extract and format the log and then store it in elastic search?
would I need to do anything in elasticsearch to consider the field and number?
You can ingest messages via beats to Graylog and all that you done before is done with Graylog.
thank for the info can you please help me with how to setup file beat to send to Graylog and What needs to be configured in Graylog.
Simply configure your *Beat to send its message directly to Graylog (using the “logstash” output) and create a Beats input in Graylog.
You can also use the Graylog Collector Sidecar to manage the *Beat for you: http://docs.graylog.org/en/2.2/pages/collector_sidecar.html
Thanks I did it with graylog collector sidecar method to manage the Beats.
I would like to know if there is any advantage or disadvantage going with directly with *Beat to Graylog than going with Sidecar to Graylog?
with direct beat usage you are going to configure the beats on every system that sends the messages by yourself (or your configuration management) and with sidecar you can manage the configuration within the graylog web interface.
for me information read the documentation.
Can you please suggest with step by step procedure to get the apache logs. I have followed the below process.
Step 1) Installed the nxlog in centos
Step 2) installed the collector side car
Create the input as beats but no luck to get the logs.
Can you help me
You can check this link. https://gist.github.com/GaryRogers/85c8f2a805010ceeccc6
I created a Graylog Input and have used rsyslog to forward the logs.