Filebeat conf

1. ################### Filebeat Configuration Example #########################
2.  
3. ############################# Filebeat ######################################
4. filebeat:
5.  # List of prospectors to fetch data.
6.   prospectors:
7.    # Each - is a prospector. Below are the prospector specific configurations
8.     -
9.       # Paths that should be crawled and fetched. Glob based paths.
10.       # To fetch all ".log" files from a specific level of subdirectories
11.       # /var/log/*/*.log can be used.
12.       # For each file found under this path, a harvester is started.
13.       # Make sure not file is defined twice as this can lead to unexpected behaviour.
14.       paths:
15.      # - /var/log/*.log
16.         - c:\Logs\API_Logs\*\*.log
17.       #  - c:\Logs\Service_Logs\*
18.  
19.       # Configure the file encoding for reading file with international characters
20.       # supported encodings:
21.       #   plain, utf-8, utf-16be-bom, utf-16be, utf-16le, big5, gb18030, gbk, hzgb2312,
22.       #   euckr, eucjp, iso2022jp, shiftjis, iso8859-63, iso8859-6i, iso8859-8e,
23.       #   iso8859-8i
24.       encoding: plain
25.  
26.       # Type of the files. Based on this the way the file is read is decided.
27.       # The different types cannot be mixed in one prospector
28.       #
29.       # Possible options are:
30.       # * log: Reads every line of the log file (default)
31.       # * stdin: Reads the standard in
32.       type: log
33.  
34.       # Optional additional fields. These field can be freely picked
35.       # to add additional information to the crawled log files for filtering
36.       #fields:
37.       #  level: debug
38.       #  review: 1
39.  
40.       # Ignore files which were modified more then the defined timespan in the past
41.       # Time strings like 2h (2 hours), 5m (5 minutes) can be used.
42.       #ignore_older:
43.  
44.       # Scan frequency in seconds.
45.       # How often these files should be checked for changes. In case it is set
46.       # to 0s, it is done as often as possible. Default: 10s
47.       #scan_frequency: 10s
48.  
49.       # Defines the buffer size every harvester uses when fetching the file
50.       #harvester_buffer_size: 16384
51.  
52.       # Always tail on log rotation. Disabled by default
53.       # Note: This may skip entries
54.       #tail_on_rotate: false
55.  
56.     #-
57.     #  paths:
58.     #    - /var/log/apache/*.log
59.     #  type: log
60.     #
61.     #  # Ignore files which are older then 24 hours
62.     #  ignore_older: 24h
63.     #
64.     #  # Additional fields which can be freely defined
65.     #  fields:
66.     #    type: apache
67.     #    server: localhost
68.     #-
69.     #  type: stdin
70.     #  paths:
71.     #    - "-"
72.  
73.   # General filebeat configuration options
74.   #
75.   # Event count spool threshold - forces network flush if exceeded
76.   #spool_size: 1024
77.  
78.   # Defines how often the spooler is flushed. After idle_timeout the spooler is
79.   # Flush even though spool_size is not reached.
80.   #idle_timeout: 5s
81.  
82.   # Name of the registry file. Per default it is put in the current working
83.   # directory. In case the working directory is changed after when running
84.   # filebeat again, indexing starts from the beginning again.
85.   registry_file: "C:/ProgramData/filebeat/registry"
86.  
87.   # Full Path to directory with additional prospector configuration files. Each file must end with .yml
88.   # These config files must have the full filebeat config part inside, but only
89.   # the prospector part is processed. All global options like spool_size are ignored.
90.   # The config_dir MUST point to a different directory then where the main filebeat config file is in.
91.   config_dir:
93.  
94. ############################# Output ##########################################
95.  
96. # Configure what outputs to use when sending the data collected by filebeat.
97. # You can enable one or multiple outputs by setting enabled option to true.
98. output:
100.   ### Elasticsearch as output
101.   #elasticsearch:
102.  
103.     # Set to true to enable elasticsearch output
104.     #enabled: false
105.  
106.     # Array of hosts to connect to.
107.     # Scheme and port can be left out and will be set to the default (http and 9200)
108.     # In case you specify and additional path, the scheme is required: http://localhost:9200/path
109.     # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
110.     #hosts: ["localhost:9200"]
111.  
112.     # Optional protocol and basic auth credentials. These are deprectad
113.     #protocol: "https"
114.     #username: "admin"
115.     #password: "s3cr3t"
116.  
117.     # Optional index name. The default is "filebeat" and generates
118.     # [filebeat-]YYYY.MM.DD keys.
119.     #index: "filebeat"
120.  
121.     # Optional HTTP Path
122.     #path: "/elasticsearch"
123.  
124.     # The number of times a particular Elasticsearch index operation is attempted. If
125.     # the indexing operation doesn't succeed after this many retries, the events are
126.     # dropped. The default is 3.
127.     #max_retries: 3
128.  
129.     # The maximum number of events to bulk in a single Elasticsearch bulk API index request.
130.     # The default is 10000.
131.     #bulk_max_size: 10000
132.  
133.     # The number of seconds to wait for new events between two bulk API index requests.
134.     # If `bulk_max_size` is reached before this interval expires, addition bulk index
135.     # requests are made.
136.     #flush_interval
137.  
138.     # tls configuration
139.     #tls:
140.       # If disabled is set to true, the tls section will be ignored and the
141.       # host its certificate authorities will be used.
142.       #disabled: true
143.  
144.       # List of root certificates for HTTPS server verifications
145.       #certificate_authorities: ["/etc/pki/root/ca.pem"]
146.  
147.       # Certificate for TLS client authentication
148.       #certificate: "/etc/pki/client/cert.pem"
149.  
150.       # Client Certificate Key
151.       #certificate_key: "/etc/pki/client/cert.key"
152.  
153.       # Controls whether the client verifies server certificates and host name.
154.       # If insecure is set to true, all server host names and certificates will be
155.       # accepted. In this mode TLS based connections are susceptible to
156.       # man-in-the-middle attacks. Use only for testing.
157.       #insecure: true
158.  
159.       # Configure cipher suites to be used for TLS connections
160.       #cipher_suites: []
161.  
162.       # Configure curve types for ECDHE based cipher suites
163.       #curve_types: []
164.  
165.  
166.   ### Logstash as output
167.   logstash:
168.    # Uncomment out this option if you want to output to Logstash. The default is false.
169.     enabled: true
170.  
171.     # The Logstash hosts
172.     hosts: ["localhost:5544"]
173.  
174.     # Optional load balance the events between the Logstash hosts
175.     #loadbalance: true
176.  
177.     # Optional index name. The default index name is filebeat.
178.     index: api
179.  
180.     # Optional TLS. The default is on
181.     tls:
182.       disabled: true
183.  
184.       # List of root certificates for HTTPS server verifications
185.       #certificate_authorities: ["/etc/pki/root/ca.pem"]
186.  
187.       # Certificate for TLS client authentication
188.       #certificate: "/etc/pki/client/cert.pem"
189.  
190.       # Client Certificate Key
191.       #certificate_key: "/etc/pki/client/cert.key"
192.  
193.       # Controls whether the client verifies server certificates and host name.
194.       # If insecure is set to true, all server host names and certificates will be
195.       # accepted. In this mode TLS based connections are susceptible to
196.       # man-in-the-middle attacks. Use only for testing.
197.       #insecure: true
198.  
199.       # Configure cipher suites to be used for TLS connections
200.       #cipher_suites: []
201.  
202.       # Configure curve types for ECDHE based cipher suites
203.       #curve_types: []
204.  
205.  
206.   ### File as output
207.   #file:
208.     # Enabling file output
209.     #enabled: false
210.  
211.     # Path to the directory where to save the generated files. The option is mandatory.
212.     #path: "/tmp/filebeat"
213.  
214.     # Name of the generated files. The default is `filebeat` and it generates
215.     # files: `filebeat`, `filebeat.1`, `filebeat.2`, etc.
216.     #filename: filebeat
217.  
218.     # Maximum size in kilobytes of each file. When this size is reached, the files are
219.     # rotated. The default value is 10 MB.
220.     #rotate_every_kb: 10000
221.  
222.     # Maximum number of files under path. When this number of files is reached, the
223.     # oldest file is deleted and the rest are shifted from last to first. The default
224.     # is 7 files.
225.     #number_of_files: 7
226.  
227.  
228. ############################# Shipper #########################################
229.  
230. shipper:
231.  # The name of the shipper that publishes the network data. It can be used to group
232.   # all the transactions sent by a single shipper in the web interface.
233.   # If this options is not defined, the hostname is used.
234.   #name:
235.  
236.   # The tags of the shipper are included in their own field with each
237.   # transaction published. Tags make it easy to group servers by different
238.   # logical properties.
239.   #tags: ["service-X", "web-tier"]
240.  
241.   # Uncomment the following if you want to ignore transactions created
242.   # by the server on which the shipper is installed. This option is useful
243.   # to remove duplicates if shippers are installed on multiple servers.
244.   #ignore_outgoing: true
245.  
246.  
247. ############################# Logging #########################################
248.  
249. #logging:
250. #  selectors: []
251. #
252. #  # Rotator config
253. #  files:
254. #    path:
255. #    name:
256. #    rotateEveryBytes:
257. #    keepFiles:
258. #  to_syslog: false
259. #  to_files: false