Page 3 of 3
Re: Hosts dropped to 1
Posted: Mon Jan 12, 2015 6:11 pm
by tgriep
Could you try deleting the Listener for the Windows Log files and recreate it?
After that, reboot your server and see if they start logging after 10 minutes of running.
Re: Hosts dropped to 1
Posted: Tue Jan 13, 2015 9:41 am
by itbilling
Where would that be located?
Re: Hosts dropped to 1
Posted: Tue Jan 13, 2015 11:01 am
by tgriep
Click on "Administration", "Global Configuration" if where the inputs are defined.
You should see one in there called "Windows Event Log (Default)"
Lets try and disable it by clicking on the "Active" button next to it to make it Inactive.
Now click in the "Add Input" button, "Custom" and create a new input called "New Windows Event Log" and past this in to the field.
Code: Select all
tcp {
type => 'eventlog'
port => 3515
codec => json {
charset => 'CP1252'
}
}
Click "Save and Apply"
Try that and see if that works for you.
Logserver.png
Re: Hosts dropped to 1
Posted: Tue Jan 13, 2015 12:10 pm
by itbilling
That seems to have no change, I'm still not receiving any logs and showing only one host.
Re: Hosts dropped to 1
Posted: Tue Jan 13, 2015 12:47 pm
by tgriep
Could you run this and post the output?
Re: Hosts dropped to 1
Posted: Tue Jan 13, 2015 1:21 pm
by itbilling
I turned off the firewall, I can turn it back on if needed, but it wasn't working before I turned it off either:
iptables: Firewall is not running.
Re: Hosts dropped to 1
Posted: Tue Jan 13, 2015 2:34 pm
by tgriep
The firewall being off is OK for now.
Can you go to "Administration", "Cluster Status" and show us a screen capture of that?
Re: Hosts dropped to 1
Posted: Tue Jan 13, 2015 2:50 pm
by itbilling
See Attached.
Re: Hosts dropped to 1
Posted: Tue Jan 13, 2015 5:27 pm
by cmerchant
With the firewall down, you can issue this query to the backend of logserver:
Code: Select all
http://192.168.4.55:9200/_plugin/head/
and show us a screen shot, it should look something like this:
screen.png
s:
send us the output of that screen. Thanks.