mahdihty
/
liwo
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
137 Commits
5 Branches
0 Tags
1.4 MiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
liwo/filebeat.yml

235 lines
9.9 KiB
Raw Permalink Normal View History

I'm hungery. going to lunach.
4 years ago
When you're reading this, i'm on my way home...Happy New Year
4 years ago
I'm hungery. going to lunach.
4 years ago
When you're reading this, i'm on my way home...Happy New Year
4 years ago
I'm hungery. going to lunach.
4 years ago
  1. filebeat.config:
  2. modules:
  3. path: ${path.config}/modules.d/*.yml
  4. reload.enabled: false
  6. processors:
  7. - add_cloud_metadata: ~
  8. - add_docker_metadata: ~
  10. filebeat.inputs:
  11. #------------------------------ Log input --------------------------------
  12. - type: log
  14. # Change to true to enable this input configuration.
  15. enabled: true
  17. # Paths that should be crawled and fetched. Glob based paths.
  18. # To fetch all ".log" files from a specific level of subdirectories
  19. # /var/log/*/*.log can be used.
  20. # For each file found under this path, a harvester is started.
  21. # Make sure not file is defined twice as this can lead to unexpected behaviour.
  22. paths:
  23. - /var/log/mysql/*.log
  24. #- c:\programdata\elasticsearch\logs\*
  26. # Configure the file encoding for reading files with international characters
  27. # following the W3C recommendation for HTML5 (http://www.w3.org/TR/encoding).
  28. # Some sample encodings:
  29. # plain, utf-8, utf-16be-bom, utf-16be, utf-16le, big5, gb18030, gbk,
  30. # hz-gb-2312, euc-kr, euc-jp, iso-2022-jp, shift-jis, ...
  31. #encoding: plain
  34. # Exclude lines. A list of regular expressions to match. It drops the lines that are
  35. # matching any regular expression from the list. The include_lines is called before
  36. # exclude_lines. By default, no lines are dropped.
  37. #exclude_lines: ['^DBG']
  39. # Include lines. A list of regular expressions to match. It exports the lines that are
  40. # matching any regular expression from the list. The include_lines is called before
  41. # exclude_lines. By default, all the lines are exported.
  42. #include_lines: ['^ERR', '^WARN']
  44. # Exclude files. A list of regular expressions to match. Filebeat drops the files that
  45. # are matching any regular expression from the list. By default, no files are dropped.
  46. #exclude_files: ['.gz$']
  48. # Method to determine if two files are the same or not. By default
  49. # the Beat considers two files the same if their inode and device id are the same.
  50. #file_identity.native: ~
  52. # Optional additional fields. These fields can be freely picked
  53. # to add additional information to the crawled log files for filtering
  54. #fields:
  55. # level: debug
  56. # review: 1
  58. # Set to true to store the additional fields as top level fields instead
  59. # of under the "fields" sub-dictionary. In case of name conflicts with the
  60. # fields added by Filebeat itself, the custom fields overwrite the default
  61. # fields.
  62. #fields_under_root: false
  64. # Set to true to publish fields with null values in events.
  65. #keep_null: false
  67. # By default, all events contain `host.name`. This option can be set to true
  68. # to disable the addition of this field to all events. The default value is
  69. # false.
  70. #publisher_pipeline.disable_host: false
  72. # Ignore files which were modified more then the defined timespan in the past.
  73. # ignore_older is disabled by default, so no files are ignored by setting it to 0.
  74. # Time strings like 2h (2 hours), 5m (5 minutes) can be used.
  75. #ignore_older: 0
  77. # How often the input checks for new files in the paths that are specified
  78. # for harvesting. Specify 1s to scan the directory as frequently as possible
  79. # without causing Filebeat to scan too frequently. Default: 10s.
  80. #scan_frequency: 10s
  82. # Defines the buffer size every harvester uses when fetching the file
  83. #harvester_buffer_size: 16384
  85. # Maximum number of bytes a single log event can have
  86. # All bytes after max_bytes are discarded and not sent. The default is 10MB.
  87. # This is especially useful for multiline log messages which can get large.
  88. #max_bytes: 10485760
  90. # Characters which separate the lines. Valid values: auto, line_feed, vertical_tab, form_feed,
  91. # carriage_return, carriage_return_line_feed, next_line, line_separator, paragraph_separator.
  92. #line_terminator: auto
  94. ### Recursive glob configuration
  96. # Expand "**" patterns into regular glob patterns.
  97. #recursive_glob.enabled: true
  99. ### JSON configuration
  101. # Decode JSON options. Enable this if your logs are structured in JSON.
  102. # JSON key on which to apply the line filtering and multiline settings. This key
  103. # must be top level and its value must be string, otherwise it is ignored. If
  104. # no text key is defined, the line filtering and multiline features cannot be used.
  105. #json.message_key:
  107. # By default, the decoded JSON is placed under a "json" key in the output document.
  108. # If you enable this setting, the keys are copied top level in the output document.
  109. #json.keys_under_root: false
  111. # If keys_under_root and this setting are enabled, then the values from the decoded
  112. # JSON object overwrite the fields that Filebeat normally adds (type, source, offset, etc.)
  113. # in case of conflicts.
  114. #json.overwrite_keys: false
  116. # If this setting is enabled, then keys in the decoded JSON object will be recursively
  117. # de-dotted, and expanded into a hierarchical object structure.
  118. # For example, `{"a.b.c": 123}` would be expanded into `{"a":{"b":{"c":123}}}`.
  119. #json.expand_keys: false
  121. # If this setting is enabled, Filebeat adds a "error.message" and "error.key: json" key in case of JSON
  122. # unmarshaling errors or when a text key is defined in the configuration but cannot
  123. # be used.
  124. #json.add_error_key: false
  126. ### Multiline options
  128. # Multiline can be used for log messages spanning multiple lines. This is common
  129. # for Java Stack Traces or C-Line Continuation
  131. # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
  132. multiline.pattern: '^\#[[:space:]]Time'
  133. multiline.negate: true
  134. multiline.match: after
  137. # Defines if the pattern set under pattern should be negated or not. Default is false.
  138. #multiline.negate: false
  140. # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
  141. # that was (not) matched before or after or as long as a pattern is not matched based on negate.
  142. # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
  143. #multiline.match: after
  145. # The maximum number of lines that are combined to one event.
  146. # In case there are more the max_lines the additional lines are discarded.
  147. # Default is 500
  148. #multiline.max_lines: 500
  150. # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
  151. # Default is 5s.
  152. #multiline.timeout: 5s
  154. # To aggregate constant number of lines into a single event use the count mode of multiline.
  155. #multiline.type: count
  157. # The number of lines to aggregate into a single event.
  158. #multiline.count_lines: 3
  160. # Do not add new line character when concatenating lines.
  161. #multiline.skip_newline: false
  163. # Setting tail_files to true means filebeat starts reading new files at the end
  164. # instead of the beginning. If this is used in combination with log rotation
  165. # this can mean that the first entries of a new file are skipped.
  166. #tail_files: false
  168. # The Ingest Node pipeline ID associated with this input. If this is set, it
  169. # overwrites the pipeline option from the Elasticsearch output.
  170. #pipeline:
  172. # If symlinks is enabled, symlinks are opened and harvested. The harvester is opening the
  173. # original for harvesting but will report the symlink name as source.
  174. #symlinks: false
  176. # Backoff values define how aggressively filebeat crawls new files for updates
  177. # The default values can be used in most cases. Backoff defines how long it is waited
  178. # to check a file again after EOF is reached. Default is 1s which means the file
  179. # is checked every second if new lines were added. This leads to a near real time crawling.
  180. # Every time a new line appears, backoff is reset to the initial value.
  181. #backoff: 1s
  183. # Max backoff defines what the maximum backoff time is. After having backed off multiple times
  184. # from checking the files, the waiting time will never exceed max_backoff independent of the
  185. # backoff factor. Having it set to 10s means in the worst case a new line can be added to a log
  186. # file after having backed off multiple times, it takes a maximum of 10s to read the new line
  187. #max_backoff: 10s
  189. # The backoff factor defines how fast the algorithm backs off. The bigger the backoff factor,
  190. # the faster the max_backoff value is reached. If this value is set to 1, no backoff will happen.
  191. # The backoff value will be multiplied each time with the backoff_factor until max_backoff is reached
  192. #backoff_factor: 2
  194. # Max number of harvesters that are started in parallel.
  195. # Default is 0 which means unlimited
  196. #harvester_limit: 0
  198. ### Harvester closing options
  200. # Close inactive closes the file handler after the predefined period.
  201. # The period starts when the last line of the file was, not the file ModTime.
  202. # Time strings like 2h (2 hours), 5m (5 minutes) can be used.
  203. #close_inactive: 5m
  205. # Close renamed closes a file handler when the file is renamed or rotated.
  206. # Note: Potential data loss. Make sure to read and understand the docs for this option.
  207. #close_renamed: false
  209. # When enabling this option, a file handler is closed immediately in case a file can't be found
  210. # any more. In case the file shows up again later, harvesting will continue at the last known position
  211. # after scan_frequency.
  212. #close_removed: true
  214. # Closes the file handler as soon as the harvesters reaches the end of the file.
  215. # By default this option is disabled.
  216. # Note: Potential data loss. Make sure to read and understand the docs for this option.
  217. #close_eof: false
  219. ### State options
  221. # Files for the modification data is older then clean_inactive the state from the registry is removed
  222. # By default this is disabled.
  223. #clean_inactive: 0
  225. # Removes the state for file which cannot be found on disk anymore immediately
  226. #clean_removed: true
  228. # Close timeout closes the harvester after the predefined time.
  229. # This is independent if the harvester did finish reading the file or not.
  230. # By default this option is disabled.
  231. # Note: Potential data loss. Make sure to read and understand the docs for this option.
  232. #close_timeout: 0
  234. output.logstash:
  235. hosts: ["graylog:5044"]