Difference between revisions of "Filebeat"
From DarkWiki
(→Installation on Ubuntu) |
(→Configuration) |
||
| Line 12: | Line 12: | ||
==Configuration== | ==Configuration== | ||
| + | |||
| + | Stored as `/etc/filebeat/filebeat.yml` | ||
<source lang="yaml"> | <source lang="yaml"> | ||
Revision as of 10:27, 9 September 2019
Installation on Ubuntu
From repositories (see https://www.elastic.co/guide/en/beats/filebeat/current/setup-repositories.html)
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update && sudo apt-get install filebeat
sudo update-rc.d filebeat defaults 95 10
Configuration
Stored as `/etc/filebeat/filebeat.yml`
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/*.log
- type: container
enabled: true
paths:
- "/var/lib/docker/containers/*/*.log"
tags: ["json"]
json.keys_under_root: true
json.add_error_key: true
json.message_key: message
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 1
setup.kibana:
output.logstash:
hosts: ["localhost:5044"]
ssl.enabled: true
ssl.verification_mode: none
ssl.certificate: "/etc/filebeat/logstash-beats.crt"
ssl.key: "/etc/filebeat/logstash-beats.key"
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
