With Logstash we can collect the logs of WinCC OA systems and write it to Elasticsearch. Multiple WinCC OA system’s can be observed with a central log database…
With Kibana the logs can be easily discovered – I now see errors what i haven’t seen before in my system…
In parallel the log messages are written to Apache Kafka. With Apache Spark we can now observe the log streams and detect anomalies… a very simple observation could be to just simple count the amount of log messages per timeframe …
WinCC OA logstash configuration file: winccoa-logstash-conf