I have installed logstash on all my application servers (Windows), and using the contrib plugin (WMI) I was able to read Windows performance counter data and my application log files and output the data to a central elasticsearch server.
Now based on some research I found that the best way is to install only the logstash forwarder on the application servers and then output the data to central logstash shipper => Redis => logstash indexer and then finally to elasticsearch.
To achieve this design I need to find a way to read performance counter data from logstash forwarder. All the resources on the net only talk about how logstash forwarder can tail a file and send the information to logstash shipper, but none of them talks about reading performance counters or using WMI in logstash forwarder. Can someone help me with this approach?
Thanks
I'm looking into very much the same thing. I've found this little project that someone has done. I haven't tried it yet but it looks promising. http://bladesdev.com/winforwarder.htm
The other way people seem to get logs out of Windows is with NXLog. http://nxlog.org/products/nxlog-community-edition/download
I trust this helps. ;-)