Ship logs from your IIS Websites to logstash
Download the Filebeat Windows zip file from the official downloads page.
Extract the contents of the zip file into C:\Program Files.
filebeat-<version>-windows directory to
Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator). If you are running Windows XP, you may need to download and install PowerShell.
Run the following commands to install Filebeat as a Windows service:
PS > cd 'C:\Program Files\Filebeat' PS C:\Program Files\Filebeat> .\install-service-filebeat.ps1`
Setup the data you wish to send us, by editing the prospector path variables.
These fully support wildcards. You can also add a document type.
An example with nginx logs might look like
filebeat.prospectors: - type: log enabled: true paths: - C:\inetpub\logs\LogFiles\*\* fields: type: iis fields_under_root: true encoding: utf-8 exclude_lines: ["^#"] exclude_files: [".zip"] ignore_older: 24h
We'll be shipping to Logstash so that we have the option to run filters before the data is indexed.
Comment out the elasticsearch output block.
## Comment out elasticsearch output #output.elasticsearch: # hosts: ["localhost:9200"]
Uncomment and change the logstash output to match below.
output.logstash: hosts: ["your-logstash-host:your-port"] loadbalance: true ssl.enabled: true
Let's check the configuration file is syntactically correct.
Run from the extracted archive dir
filebeat -e -c filebeat.yml
Ok, time to start ingesting data!
PS C:\Program Files\Filebeat> Start-Service filebeat