Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Filebeat XpoLog Integration

XpoLog’s architecture allows receiving data sent by logstash from JSON data objectsLogstash can receive in its input raw data send by multiple Filebeat forwarders. In order to do this, a HTTP/S listener account should be created in XpoLog for receiving the data on a specific network port, and the XpoLog logstash output should be sending data to this listener.   each Fliebeat should be configured to send its data to the Logstash  along with proper tagging for each log. 


Technical Details

The Filebeat configuration file should look like the following:

 

filebeat.inputs:

- type: log

enabled: true

# Paths that should be crawled and fetched. Glob based paths.

paths:

- FULL_PATH_TO_LOGS_DIRECTORY/FILE(S)
# Examples: 
# There should be one path per log - bellow there are examples for log paths - Linux or Windows
# - /var/log/*syslog.log
# - c:\programdata\elasticsearch\logs\*

fields: {apptags: "<APPTAG_1,APPTAG_2,APPTAG_N>",app: "<FOLDER_NAME>", logname: "<LOG_NAME>", filename: beat.source}

# fields - apptags - the apptags that this log(s) will be tagged to in XpoLog - there can be more than one tag comma separated. app - the folder in the Folders and Logs that this log(s) will be placed
# logname - the logname in XpoLog

# To add more than one log create another set of properties for the additional log

#- type: log

#enabled: true

#paths:

# - FULL_PATH_TO_LOGS_DIRECTORY/FILE

#fields: {apptags: "App1,Location1NJ",app: "App1", logname: "App1_LOG_NAME_1", filename: beat.source}2"}

 

filebeat.config.modules:

path: ${path.config}/modules.d/*.yml

reload.enabled: false

setup.template.settings:

index.number_of_shards: 3

output.logstash:

hosts: ["<LOGSTASH_HOSTNAME>:<PORT>"]

#Example:

# hosts: ["localhost:5044"]
# Note that 5044 is the default port set for Filebeat output

...