Does anyone have a configuration for using filebeat to collect and decode the IIS fields?
The currently supplied one in 3.0 RCx only has details of the collection of general logs and nothing IIS-specific.
I tried to follow the ELK FileBeat details for IIS collection and decoding, but it appears to be too ELK-specific. I also noticed that the currently supplied sidecar filebeat template uses the deprecated parameter '-input_type:' instead of '- input:'. This was an easy fix in the filebeat template but may need to be fixed before the final version of Graylog 3.0 is released.


