I have not found good documentation or other posts on people who have containerized Graylog only, and connected it directly to ES clusters and data sources. After ruminating on the fact that you create a Beats input in Graylog - that updating nf on a sidecar - which triggers the filebeat service to rewrite the filebeat.yml (a functionality that I was unable to get working, so I manually created a filebeat.yml file), it seems that filebeat actually feeds another filebeat that you are to have configured on the Graylog “master” node as well?!? This bit of misunderstanding of the roles and responsibilities of the stack is probably my issue. I think this is due to my false understanding that filebeat was supposed to send directly to ES, and Graylog somehow was aware of that. The stuck point right now is that I am unable to ship data anywhere, despite networking rules being appropriated (telnet and netcat work). I have double-checked all the compatibility matrices I can find and have changed around versions of ES and filebeat, but I am still having problems. I will include all the details I can, but I am running out of ideas for troubleshooting. Friends! I have been trying for the last two weeks to get this project up and running.