Difference between revisions of "Filebeat"

Latest revision as of 13:33, 9 September 2019

Installation on Ubuntu

From repositories (see https://www.elastic.co/guide/en/beats/filebeat/current/setup-repositories.html)

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update && sudo apt-get install filebeat
sudo update-rc.d filebeat defaults 95 10

Configuration

Stored as /etc/filebeat/filebeat.yml

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
- type: container
  enabled: true
  paths:
    - "/var/lib/docker/containers/*/*.log"
  exclude_files:
    - "/var/lib/docker/containers/5498a596deae9e6dee765cef2f4110a545703eff151bbf113e4bb33f40470176/5498a596deae9e6dee765cef2f4110a545703eff151bbf113e4bb33f40470176-json.log"
  tags: ["json"]
  json.keys_under_root: true
  #json.add_error_key: true
  #json.message_key: log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
output.logstash:
  hosts: ["localhost:5044"]
  ssl.enabled: true
  ssl.verification_mode: none
  ssl.certificate: "/etc/filebeat/logstash-beats.crt"
  ssl.key: "/etc/filebeat/logstash-beats.key"
processors:
  - add_host_metadata: ~
  - add_docker_metadata:
      host: "unix:///var/run/docker.sock"
      match_fields: ["system.process.cgroup.id"]
      match_pids: ["process.pid", "process.ppid"]
      match_source: true
      match_source_index: 4
      match_short_id: false
      cleanup_timeout: 60
      labels.dedot: false

Difference between revisions of "Filebeat"

Latest revision as of 13:33, 9 September 2019

Installation on Ubuntu

Configuration

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools