Filebeat
Configuration of log shipper 'Filebeat'
This section explains how you can configure 'Filebeat' like a log shipper.
In order for filebeat component to send the log details to the event gateway, users have to configure two elements.
Event Gateway Endpoint
Filebeat configuration
Step 1:
An example of Event Gateway Endpoint configuration is captured in the below configuration snippet
endpoints:
- name: fb1 # URL is implicit, http://ip:port/fb1
type: filebeat
stream: filebeat_1_logs
ssl: true
enabled: true
xpack_features: min
attrs:
site_code: dataccenter2
archive_name: filebeat_logs
port: 9200
An example of Linux-based Filebeat configuration is captured in the below configuration snippet.
Step 2: Update hosts details in /etc/filebeat/filebeat.yml file (using your favorite editor (e.g. vi )
output.elasticsearch:
# Boolean flag to enable or disable the output module.
enabled: true
# Array of hosts to connect to.
# Scheme and port can be left out and will be set to the default (http and 9200)
# In case you specify and additional path, the scheme is required: http://localhost:9200/path
# IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
hosts: ["http://<event-gateway>:9200/fb1"]
protocol: "http"
ssl.enabled: false
#ssl.verification_mode: none
Step 3: Restart the filebeat service (as shown in the below code snippet).
# Restart filebeat services
bash# sudo systemctl stop filebeat
bash# sudo systemctl start filebeat
Note: In order to run the above commands, the user is expected to have 'sudo' privileges or run the command as a root to enable the required ports.
Last updated