In this guide I will show that it is also possible to run Logstash on a Windows Server 2012 machine and use IIS as web server. This guide probably requires some improvements and optimizations but it should give you a good example of how to set everything up.
Please, be aware that you will probably have to configure Kibana in a different way then I did to make everything look shiny, and you will probably have to use a different kind of logstash configuration to make things show as you would like. I am also aware that Logstash provides all-in-one pages that have ElasticSearch and Kibana built in, however I still feel setting things up separately is more appropriate.
The config below is just meant to be an example to show that everything works just as fine on Windows as it does on Linux.
If you are interested in Linux then please have a look at my other guide at:
http://blog.basefarm.com/blog/how-to-install-logstash-with-kibana-interface-on-rhel/
Now lets start with the guide!
Step 1: Download Logstash, Kibana and ElasticSearch.
Simpely go to “http://www.elasticsearch.org/overview/elkdownloads/”
Logstash: https://download.elasticsearch.org/logstash/logstash/logstash-1.4.2.zip
Kibana: https://download.elasticsearch.org/kibana/kibana/kibana-3.1.0.zip
Elasticsearch: https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.2.1.zip
Step 2: Extract all packages
I created myself a folder called “basefarm” in “c:\basefarm\” and extracted all folders there to make it easier.
So, for me it looks like this now:
c:\basefarm\elasticsearch
c:\basefarm\kibana
c:\basefarm\logstash
Step 3: Download the JDK version of Java and install it.
Go to the Java website: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
Accept the license and then download: “Windows x64 (jdk-8u5-windows-x64.exe)” package.
Now install it!
Step 4: Add the JAVA_HOME variable to the server
Now right click on “This PC” and choose “Properties” on the right bottom site next to your computer and full computer name click on Change settings.
On the window that opens go to the Advanced tab and click on “Environment Variables”.
at the bottom box called “System Variables” click on “new” and add the following:
Variable Name: JAVA_HOME
Variable value: C:\Program Files\Java\jdk1.8.0_05
It should look like this:
Step 5: Download the required configuration files
Logstash.conf:https://github.com/sbagmeijer/ulyaoth/blob/master/guides/logstash/windows/logstash.conf
Place this file in:
C:\basefarm\logstash\bin
ulyaoth.json:
https://raw.githubusercontent.com/sbagmeijer/ulyaoth/master/guides/logstash/kibana/dashboard/ulyaoth.json
Place this file in:
C:\basefarm\kibana\app\dashboards
rename “ulyaoth.json” to “basefarm.json” so you end up with “C:\basefarm\kibana\app\dashboards\basefarm.json”.
Step 6: Configure Kibana & Logstash
Open the file: C:\basefarm\kibana\config.js
and change the following line:
default_route : ‘/dashboard/file/default.json’,
to:
default_route : ‘/dashboard/file/basefarm.json’,
Now open the file: C:\basefarm\kibana\app\dashboards\basefarm.json
and change the following line:
“title”: “Ulyaoth: Logstash Search”,
to:
“title”: “Basefarm: Logstash Search”,
Step 7: Install IIS
Go to “Server Manager” and choose “Add Roles and Features Wizard” from the list here choose “Web Server (IIS)” now go further and let it install.
Step 8: Open IIS Manager and stop the “Default Web Site”
Just press the stop button like you see below in the picture:
Step 9: Create a new website for Kibana as shown below
Right click on “sites” in the left part of IIS Manager and click “Add Website”.
Fill it in something like this:
It should automatically start.
Step 10: Start Elasticsearch and put it on auto-start
Open a console and go to “c:\basefarm\elasticsearch\bin\”
now type the following command:service install
You should see something like:
Now type the following:service manager
You should see the elasticsearch service manager:
You have to change on the tab the “Startup type” from Manual to Automatic and then press “Apply”. This should make Elasticsearch start automatically on server boot.
This window contains some more options such as how much memory Elasticsearch will use. You can find this under the “Java” tab. I would suggest to make this fitfor your server if you have a server that will handle a huge amount of logs. I would increase the “Maximum Memory Pool: 1024” at least to a higher amount.
Before you close the window make sure to press “Start” so it actually will run right now 
This is everything to start ElasticSearch automatically on boot. To test that it is working, open a browser and go to this url: http://127.0.0.1:9200/
If you see a json string something like what you see below in the picture then it means it is running:
Step 11: Start Logstash & Autostart it
For this step we need another small program to create a proper Windows service, so please go ahead and download “NSSM” (the Non-Sucking Service Manager) from: http://nssm.cc/http://nssm.cc/release/nssm-2.23.zip
Once you have the zip file simply unzip it and copy the file from the unzipped folder you now have: “nssm-2.23\win64” (nssm.exe) to “C:\basefarm\logstash\bin” so it should result in you having “C:\basefarm\logstash\bin\nssm.exe”.
I know you technically do not have to copy this file but just to keep things clean and to have this available for any future use you never know.
Now open a Command Prompt and type:cd C:\basefarm\logstash\bin
And then type the following:nssm install logstash
You will now see a GUI to create a server fill in the following:
Path: C:\basefarm\logstash\bin\logstash.bat
Startup directory: C:\basefarm\logstash\bin
Arguments: agent -f C:/basefarm/logstash/bin/logstash.conf
It should look like this:
If all looks okay double check on the “Details” tab that “Startup Type” is set to “Automatic” and then press “Install service”. This should be all for Logstash to automatically start on server boot.
If you wish to adjust the memory Logstash does use then simpely open the file “C:\basefarm\logstash\bin\logstash.bat” and the change the following two lines accordingly to the amount of memory you wish it to use:
[code]
set LS_MIN_MEM=256m
set LS_MAX_MEM=1g
[/code]
Step 12: Edit your host file (optional)
This step I only do because I run everything on a test server with no internet connection.
open: C:\Windows\System32\drivers\etc\hosts
Now add:
127.0.0.1 loghost.basefarm.com
And save the file.
Now reboot your server so you can test that everything is automatically coming online.
This is all you should have to do once the server is back online you have logstash up and running so just go to:
http://loghost.basefarm.com/
And you should see:
As you can see, your Kibana IIS logs are shipped now to the Logstash instance.
Just remember, if you run this website over the internet you probably need to make sure port 9200 is accessible but I would restrict it to internal use only so Kibana can reach it but not the outside world.
If you want to ship logs from another server to your loghost server I would suggest to have a look into a program called “nxlog” (http://nxlog-ce.sourceforge.net/) this is a fairly simple way of shipping logs to Lgstash and works perfect on Wndows.
If you have any suggestions to improve this guide then please feel free to or update the configs on GitHub or to provide me the information so I can update the guide and help others!
I also would like to thank “Milo Bofacher” for pointing to “nssm” and “nxlog”!