Does anyone have a configuration for using filebeat to collect and decode the IIS fields ?
The current supplied one in 3.0 RCx only has details of the collection of general logs and not IIS specific.
I tried to follow the ELK FileBeat details for IIS collection and decoding but it appears to be too ELK specific. I also noticed that the current supplied sidecar filebeat template uses the deprecated parameter '-input_type: ’ instead of '- input: '. This was an easy fix in the filebeat template but may need to be fixed before the final version of Graylog 3.0 is released.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.