Presently I have my logs and logstash running on the same machine, so I read my logs placed on my local machine with this config(using pull model)
input {
file {
path => "/home/Desktop/Logstash-Input/**/*_log"
start_position => "beginning"
}
}
Now, we have logstash running on a different machine and want to read the logs remote mechine.
Is there a way to set the ip in file input of config file?
EDIT: I manage to do this with logstash-forwarder which is a push model(log shipper/logstash-forwarder will ship log to logstash index server) but still i am looking for a pull model without shipper, where logstash index server will go and contact directly to remote host.
Take a look to FileBeat: https://www.elastic.co/products/beats/filebeat
It´s not a pull model but it seems a better choice than logstash-forwarder.
It monitors log files and forwards them to Logstash or Elasticsearh. It keeps also the state of log files and guarantees that events will be delivered at least one time (depends on log rotation speed). It's really easy to configure:
Input configuration:
input_type: log
paths:
- /opt/app/logs
Output configuration
output.logstash:
hosts: ["remote_host:5044"]
index: filebeat_logs
In the logstash side you must install and configure the Beats input plugin:
input {
beats {
port => 5044
}
}