I followed this tutorial to get everything installed. The machine I installed it on runs Windows Server 2008, and I am remoting into it from my Windows 7 computer.
https://www.ulyaoth.net/resources/tutorial-install-logstash-and-kibana-on-a-windows-server.34/
From what I can gather, no data is being shipped to Elasticsearch yet. I'm not really sure if it's a problem with my nxlog/Logstash setup or my network settings. I've already opened all the appropriate ports. Can someone help me troubleshoot this issue? Let me know if you need anything else. Thanks!
When I check and see if elasticsearch is running with localhost:9200 I get:
{
"status" : 200,
"name" : "Electro",
"cluster_name" : "elasticsearch",
"version" : {
"number" : "1.7.2",
"build_hash" : "e43676b1385b8125d647f593f7202acbd816e8ec",
"build_timestamp" : "2015-09-14T09:49:53Z",
"build_snapshot" : false,
"lucene_version" : "4.10.4"
},
"tagline" : "You Know, for Search"
}
Here are my logstash.conf and nxlog.conf files.
nxlog.conf
# nxlog agent configuration: tails the IIS access logs for site W3SVC1 and
# forwards each line over TCP to the Logstash listener on port 5544.
#define ROOT C:\Program Files\nxlog
# The "Program Files (x86)" install path is the active one; the plain
# "Program Files" variant above is kept commented out.
define ROOT C:\Program Files (x86)\nxlog
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
# nxlog's own log file: check it first for file-access or connection errors
# when no events arrive downstream.
LogFile %ROOT%\data\nxlog.log
# Loads the JSON extension. Nothing in this file calls it, so events leave
# this agent as raw IIS log lines rather than JSON.
<Extension json>
Module xm_json
</Extension>
# Input: IIS log files matching u_ex*.log under W3SVC1.
# NOTE(review): with ReadFromLast True and SavePos True, presumably only lines
# appended after nxlog starts are shipped and the read position is kept across
# restarts. If so, an idle site produces no events, so confirm with fresh
# requests against the site before suspecting the network.
# The Exec line drops every line that starts with '#' (presumably the header
# lines IIS writes at the top of each log file).
<Input iis_ELKstack>
Module im_file
File "C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log"
ReadFromLast True
SavePos True
Exec if $raw_event =~ /^#/ drop();
</Input>
# Output: line-based TCP to Host:Port. Host must resolve from this machine to
# the server running Logstash, and Port must match the tcp input port in
# logstash.conf (5544).
# NOTE(review): om_tcp sends events unencrypted and unauthenticated. IIS logs
# typically contain client IPs, request URLs and query strings, so on any
# network that is not fully trusted prefer nxlog's om_ssl output paired with a
# TLS-enabled listener on the Logstash side.
<Output out_logstash>
Module om_tcp
Host loghost.elkstack.net
Port 5544
OutputType LineBased
</Output>
# Route: connects the IIS file input to the Logstash TCP output.
<Route IIS>
Path iis_ELKstack => out_logstash
</Route>
logstash.conf
# Logstash pipeline: accepts events on a TCP listener and writes them to
# Elasticsearch. No filter stage is defined, so events are stored as received.
input {
# NOTE(review): plain TCP listener with no host restriction, TLS or sender
# authentication configured here, so any host that can reach port 5544 can
# inject events into the index. Limit the firewall rule for 5544 to the nxlog
# senders, and consider the tcp input's ssl_enable/ssl_cert/ssl_key options.
tcp {
port => 5544
}
}
output {
# NOTE(review): events are sent to Elasticsearch over plain HTTP and no
# credentials are set in this block. Elasticsearch 1.x has no built-in
# authentication, so the port opened for it (9200 is the one queried above)
# should be reachable only from hosts that need it, not from the whole network.
# host must resolve from the Logstash machine to the Elasticsearch node.
elasticsearch {
host => "loghost.elkstack.net"
protocol => "http"
}
}