Hi, a newbie question... I'm evaluating Winlogbeat as an option for log management of an application that has its own custom log file on a Windows server. Is Winlogbeat only using the Windows event log as input source?
These are not the tools for log housekeeping, don't quite get why it has been suggested for evaluation! Unless of course you are also using it to ingest data into an Elasticsearch datastore. For file housekeeping you just need a simple script run by Windows scheduler.
I realised that I was a bit unclear. Yes, I want to rotate the log and avoid huge log files on the actual server, but I also want to ship them to our ELK environment to keep the log data for audits and troubleshooting, when needed.
My question: Is Windows Event Log the only option for Winlogbeat? Will I need another beat, and ship files if we need data from the application log file?
Alternatively to Filebeat you can use the "File" input plugin (included by default) in Logstash https://www.elastic.co/products/logstash. Logstash is the heavy duty option in that it has plenty of options to do a lot of transformation and filtering on the data before it sends it to Elastic. So depending on your situation, Filebeat may suffice.
An example of using the Logstash file input plugin to add fields to log entries from an application (called Crystal in this case) log file using a wildcard as the log filenames contain a date stamp:
There is no way to use any of the Beats or Logstash to housekeep the log files that it processes. Might be a useful feature request!
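A Logstash pipeline of the kind the answer above describes, as an added example that is not part of the original thread: a file input reading date-stamped application logs through a wildcard and tagging each event with extra fields. The paths, field names and values, index name and Elasticsearch address are constructed placeholders, not the poster's configuration.

```logstash
# Added example; every path, field value and host below is a placeholder.
input {
  file {
    # Wildcard matches date-stamped files such as crystal-2024-01-31.log.
    # The file input expects forward slashes in paths, also on Windows.
    path => "C:/AppLogs/Crystal/crystal-*.log"

    # Read files that already exist from the top the first time they are
    # seen; after that the sincedb offset decides where reading resumes.
    start_position => "beginning"

    # Keep the read-position database in a known location so a service
    # restart does not re-ship lines that were already sent.
    sincedb_path => "C:/logstash/data/crystal.sincedb"

    # Fields added to every event from this input, so audit queries can
    # filter on the application without parsing the message text.
    add_field => {
      "application" => "crystal"
      "log_source"  => "custom-file"
    }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    # One index per day keeps retention for audit data easy to manage.
    index => "crystal-%{+YYYY.MM.dd}"
  }
}
```

Rotation and deletion of the source files still has to be done outside Logstash, for example by the scheduled script mentioned earlier in the thread.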
Service operated by Sematext