Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Filebeat XpoLog Integration

XpoLog’s architecture allows receiving data sent by logstash from JSON data objects. In order to do this, a HTTP/S listener account should be created in XpoLog for receiving the data on a specific network port, and the XpoLog logstash output should be sending data to this listener. 

 

Technical Details

The Filebeat configuration file should look like the following:

 

filebeat.inputs:

- type: log

enabled: true

# Paths that should be crawled and fetched. Glob based paths.

paths:

- FULL_PATH_TO_LOGS_DIRECTORY/FILE(S)
# Examples: 
# - /var/log/*.log
# - c:\programdata\elasticsearch\logs\*

fields: {apptags: "App1,Location1",app: "App1", logname: "App1_LOG_NAME_1", filename: beat.source}

filebeat.config.modules:

path: ${path.config}/modules.d/*.yml

reload.enabled: false

setup.template.settings:

index.number_of_shards: 3

output.logstash:

hosts: ["<LOGSTASH_HOSTNAME>:<PORT>"]
#Example:

# hosts: ["localhost:5044"]
# Note that 5044 is the default port set for Filebeat output

# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"

# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"