This helped a LOT. Thank you, sir.

High quality content :) Keep up the good work +1 sub

Nice one, continue good work

Muy buen trabajo, te felicito 👏

Great! Many thanks for this Video

This is very helpful thank you !!

Great video

Thank you for the information video, can you suggest if in case i have multiple pods running and i am capturing logs of all application pods on one common persistent storage mounted /var/log what could be possible input string

Perfect. Thanks!

thank u. it was Grate and useful

كل الشكر و التقدير على هدا العمل الجميل شكرا اخي

Hello Ali - @ 9:18 - how do you know that is the format? can you explain a bit more how you identify such a format?

What can I do if I don’t want to define the hosts for fortinet? because I want to send the logs from multiple fortinet FW Can I remove hosts line?

HI Ali , i have FortiAnalyzer and want to ingest the log to security onion , could i send it directly or should i have syslog vm between FAZ and security onion . what is the best scenario to do this . thanks for your help

I would like to see data from DB being pipelined with logstash and loaded into Elasticsearch 8.2.2

Thank you Can you please do cisco routers and switches integration

which one is better depends on performance, send log via filebeat or via logstash?

Very nice. Thank you. Esselamu Aleykum.

Wonderful, thank you sir very informative

how we can get the log from more thaan 1 network device forti ?

logs are not coming to elastic search from syslog server. we done as "enroll in fleet" way? can u pls help me with this issue ?

thanks a lot bro. it very useful. Can you explain more about create index for firewall log?

Hi Ali, thank you for this video. Right now, we are facing issue to integrate log of Fortigate using Logstash+Elasticsearch+Kibana. We have an issue with the grok from Logstash to create indexing in Elasticsearch.

Nice Vid Ali Can you make this Elastic, Kibana, Logstash Videos for Windows Server 2019/2022 or Windows 10?; and perhaps ingest data from an SQL Database server; if at all possible. Thank You.

Hi Ali. Thank´s for the video. At this moment I am getting an error which does not allow me to continue. The port is occupied by java, therefore when starting the logstash it tells me "The address is already being used (bind) port: 5144". (Address already in use - bind)

Nice Vid Ali - very helpful - Question - can Logstash conect securely to Elasticsearch using an API key instead of sending a username and password thru the .conf file? perhaps configuring such API key in the logstash.yml or placing it in the filexyz.conf file used to connect to elasticsearch. Generate the API key in Kibana with logstash-user role and index permissions to publish such logs from logstash into Elasticsearch. Thanks for your previous response to making such video series in Windows servers. - Cheers

Hi, it is possible to write SNMP input plugin or it is hard work?

i have the error: Failed to perform request {:message=>"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

Why is that required? I'm new to elastic but I understand from their documents that they have Fortinet integration so I would expect them to be able to parse that without me doing all that stuff manually?

Can you pls help whats the rest of the filter in the fortigate.conf? I cant see the whole code. mutate{ remove_field => ["@timestamp", "host", "@version",................................

Hi, This is very helpful thank you but It would be much better if you could upload the config file as well.

Could you demo how to use fortigate agent on ELK?

Great video, tnx! But why you use this primitive Putty instead let's say... MobaXTerm or another handy client?

can you check and work with opnsense as well?

Hello, thank you for the tutorial, it was fine until I had to start the logstash service, from then on I no longer received the logs, in my case from a Cisco switch, even though I also gave permissions to the certificate and I still do not receive the logs. I runt again the command /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/cisco.conf -r and there I receive the logs , I don't know what I did wrong, but it doesn't work normally for me

When I run logstash I get this error no configuration found in the configured source

Hi man, thanks for the video it's excellent but can you pls give me more explanation about the command in min 7:30 I didn't get it

match => {"message" => "%{SYSLOG5424PRI}%{GREEDY$} is truncated from the video, the window size is hide the rest.

Hello Ali, I'm new to ELK and wanted to ask if you've ran into the problem I am encountering or if you can provide guidance. I am experiencing the issue you encountered at the end of the video where the logstash service stops and stops presenting data on Kibana. I've attempted to restart the logstash services and modify permissions for logstash, but I continue to encounter an issue. I ran a journalctl with logstash.service and notice the error below. Would you be able to provide guidance on this? [INFO ][logstash.config.source.local.configpathloader] No config files found in path {:path=>"/etc/logstash/conf.d/*"} [ERROR][logstash.config.sourceloader] No configuration found in the configured sources.