Filebeat XpoLog Integration
XpoLog’s architecture allows receiving data sent by logstash from JSON data objects. In order to do this, a HTTP/S listener account should be created in XpoLog for receiving the data on a specific network port, and the XpoLog logstash output should be sending data to this listener.
Technical Details
The Filebeat configuration file should look like the following:
filebeat.inputs:
- type: log
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- FULL_PATH_TO_LOGS_DIRECTORY/FILE(S)
# Examples:
# - /var/log/*.log
# - c:\programdata\elasticsearch\logs\*
fields: {apptags: "App1,Location1",app: "App1", logname: "App1_LOG_NAME_1", filename: beat.source}
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 3
output.logstash:
hosts: ["<LOGSTASH_HOSTNAME>:<PORT>"]
#Example:
# hosts: ["localhost:5044"]
# Note that 5044 is the default port set for Filebeat output
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"