Hi all, in this article I will explain how to import IIS logs into Elasticsearch (ES) using Logstash and monitor them with Kibana. We will use the Windows Server 2012 R2 and CentOS 7.2 operating systems for this setup.

Elasticsearch version: 2.4.0

Kibana version: 4.6.0

Logstash version: 2.4.0

First, declare the log definitions on the IIS server.

Download Logstash from here. After that, extract it under “C:\Program Files\logstash”.

Edit Logstash config as follows:
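
A pipeline of the kind this step calls for, as an added example and not the author's original configuration. It assumes the default IIS W3C field set and order, the default IIS log directory, a placeholder Elasticsearch host and an index name chosen for illustration; adjust the grok pattern to the fields selected in the IIS logging settings.

```conf
# Added example (not from the original article). Assumed: default IIS W3C
# fields, default IIS log directory, placeholder Elasticsearch address.
input {
  file {
    type => "iis"
    # Use forward slashes in file input paths on Windows.
    path => "C:/inetpub/logs/LogFiles/W3SVC1/*.log"
    start_position => "beginning"
  }
}

filter {
  # Skip the W3C header lines (#Software, #Version, #Date, #Fields).
  if [message] =~ "^#" {
    drop {}
  }

  # Field order assumed:
  # date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip
  # cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:log_timestamp} %{IPORHOST:s_ip} %{WORD:cs_method} %{NOTSPACE:cs_uri_stem} %{NOTSPACE:cs_uri_query} %{NUMBER:s_port:int} %{NOTSPACE:cs_username} %{IPORHOST:c_ip} %{NOTSPACE:cs_user_agent} %{NOTSPACE:cs_referer} %{NUMBER:sc_status:int} %{NUMBER:sc_substatus:int} %{NUMBER:sc_win32_status:int} %{NUMBER:time_taken:int}" }
  }

  # IIS writes W3C timestamps in UTC; use them as the event time.
  date {
    match => ["log_timestamp", "YYYY-MM-dd HH:mm:ss"]
    timezone => "Etc/UTC"
  }
}

output {
  elasticsearch {
    # Placeholder; replace with the address of the Elasticsearch node.
    hosts => ["ELASTICSEARCH_HOST:9200"]
    # Index name is an assumption; match it in the Kibana index pattern.
    index => "iis-%{+YYYY.MM.dd}"
  }
}
```

Events that do not match the pattern are tagged `_grokparsefailure`, which usually means the fields selected in IIS differ from the order assumed here.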

Add Logstash as a Windows service with NSSM (the Non-Sucking Service Manager).

After starting the Logstash service, we can go on with the Kibana settings.

You can read my Elasticsearch installation article here.

You can download the latest Kibana version from here. After installing Kibana, we need to make the required settings in the “opt/kibana/conf/kibana.yml” file, as shown in the pictures below.

You can reach Kibana at the address http://kibanaserverIP:5601/app/kibana.
