Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ################### Filebeat Configuration Example #########################
- ############################# Filebeat ######################################
- filebeat:
- # List of prospectors to fetch data.
- prospectors:
- # Each - is a prospector. Below are the prospector specific configurations
- -
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- # - /var/log/*.log
- - c:\Logs\API_Logs\*\*.log
- # - c:\Logs\Service_Logs\*
- # Configure the file encoding for reading file with international characters
- # supported encodings:
- # plain, utf-8, utf-16be-bom, utf-16be, utf-16le, big5, gb18030, gbk, hzgb2312,
- # euckr, eucjp, iso2022jp, shiftjis, iso8859-63, iso8859-6i, iso8859-8e,
- # iso8859-8i
- encoding: plain
- # Type of the files. Based on this the way the file is read is decided.
- # The different types cannot be mixed in one prospector
- #
- # Possible options are:
- # * log: Reads every line of the log file (default)
- # * stdin: Reads the standard in
- type: log
- # Optional additional fields. These field can be freely picked
- # to add additional information to the crawled log files for filtering
- #fields:
- # level: debug
- # review: 1
- # Ignore files which were modified more then the defined timespan in the past
- # Time strings like 2h (2 hours), 5m (5 minutes) can be used.
- #ignore_older:
- # Scan frequency in seconds.
- # How often these files should be checked for changes. In case it is set
- # to 0s, it is done as often as possible. Default: 10s
- #scan_frequency: 10s
- # Defines the buffer size every harvester uses when fetching the file
- #harvester_buffer_size: 16384
- # Always tail on log rotation. Disabled by default
- # Note: This may skip entries
- #tail_on_rotate: false
- #-
- # paths:
- # - /var/log/apache/*.log
- # type: log
- #
- # # Ignore files which are older then 24 hours
- # ignore_older: 24h
- #
- # # Additional fields which can be freely defined
- # fields:
- # type: apache
- # server: localhost
- #-
- # type: stdin
- # paths:
- # - "-"
- # General filebeat configuration options
- #
- # Event count spool threshold - forces network flush if exceeded
- #spool_size: 1024
- # Defines how often the spooler is flushed. After idle_timeout the spooler is
- # Flush even though spool_size is not reached.
- #idle_timeout: 5s
- # Name of the registry file. Per default it is put in the current working
- # directory. In case the working directory is changed after when running
- # filebeat again, indexing starts from the beginning again.
- registry_file: "C:/ProgramData/filebeat/registry"
- # Full Path to directory with additional prospector configuration files. Each file must end with .yml
- # These config files must have the full filebeat config part inside, but only
- # the prospector part is processed. All global options like spool_size are ignored.
- # The config_dir MUST point to a different directory then where the main filebeat config file is in.
- config_dir:
- ############################# Output ##########################################
- # Configure what outputs to use when sending the data collected by filebeat.
- # You can enable one or multiple outputs by setting enabled option to true.
- output:
- ### Elasticsearch as output
- #elasticsearch:
- # Set to true to enable elasticsearch output
- #enabled: false
- # Array of hosts to connect to.
- # Scheme and port can be left out and will be set to the default (http and 9200)
- # In case you specify and additional path, the scheme is required: http://localhost:9200/path
- # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
- #hosts: ["localhost:9200"]
- # Optional protocol and basic auth credentials. These are deprectad
- #protocol: "https"
- #username: "admin"
- #password: "s3cr3t"
- # Optional index name. The default is "filebeat" and generates
- # [filebeat-]YYYY.MM.DD keys.
- #index: "filebeat"
- # Optional HTTP Path
- #path: "/elasticsearch"
- # The number of times a particular Elasticsearch index operation is attempted. If
- # the indexing operation doesn't succeed after this many retries, the events are
- # dropped. The default is 3.
- #max_retries: 3
- # The maximum number of events to bulk in a single Elasticsearch bulk API index request.
- # The default is 10000.
- #bulk_max_size: 10000
- # The number of seconds to wait for new events between two bulk API index requests.
- # If `bulk_max_size` is reached before this interval expires, addition bulk index
- # requests are made.
- #flush_interval
- # tls configuration
- #tls:
- # If disabled is set to true, the tls section will be ignored and the
- # host its certificate authorities will be used.
- #disabled: true
- # List of root certificates for HTTPS server verifications
- #certificate_authorities: ["/etc/pki/root/ca.pem"]
- # Certificate for TLS client authentication
- #certificate: "/etc/pki/client/cert.pem"
- # Client Certificate Key
- #certificate_key: "/etc/pki/client/cert.key"
- # Controls whether the client verifies server certificates and host name.
- # If insecure is set to true, all server host names and certificates will be
- # accepted. In this mode TLS based connections are susceptible to
- # man-in-the-middle attacks. Use only for testing.
- #insecure: true
- # Configure cipher suites to be used for TLS connections
- #cipher_suites: []
- # Configure curve types for ECDHE based cipher suites
- #curve_types: []
- ### Logstash as output
- logstash:
- # Uncomment out this option if you want to output to Logstash. The default is false.
- enabled: true
- # The Logstash hosts
- hosts: ["localhost:5544"]
- # Optional load balance the events between the Logstash hosts
- #loadbalance: true
- # Optional index name. The default index name is filebeat.
- index: api
- # Optional TLS. The default is on
- tls:
- disabled: true
- # List of root certificates for HTTPS server verifications
- #certificate_authorities: ["/etc/pki/root/ca.pem"]
- # Certificate for TLS client authentication
- #certificate: "/etc/pki/client/cert.pem"
- # Client Certificate Key
- #certificate_key: "/etc/pki/client/cert.key"
- # Controls whether the client verifies server certificates and host name.
- # If insecure is set to true, all server host names and certificates will be
- # accepted. In this mode TLS based connections are susceptible to
- # man-in-the-middle attacks. Use only for testing.
- #insecure: true
- # Configure cipher suites to be used for TLS connections
- #cipher_suites: []
- # Configure curve types for ECDHE based cipher suites
- #curve_types: []
- ### File as output
- #file:
- # Enabling file output
- #enabled: false
- # Path to the directory where to save the generated files. The option is mandatory.
- #path: "/tmp/filebeat"
- # Name of the generated files. The default is `filebeat` and it generates
- # files: `filebeat`, `filebeat.1`, `filebeat.2`, etc.
- #filename: filebeat
- # Maximum size in kilobytes of each file. When this size is reached, the files are
- # rotated. The default value is 10 MB.
- #rotate_every_kb: 10000
- # Maximum number of files under path. When this number of files is reached, the
- # oldest file is deleted and the rest are shifted from last to first. The default
- # is 7 files.
- #number_of_files: 7
- ############################# Shipper #########################################
- shipper:
- # The name of the shipper that publishes the network data. It can be used to group
- # all the transactions sent by a single shipper in the web interface.
- # If this options is not defined, the hostname is used.
- #name:
- # The tags of the shipper are included in their own field with each
- # transaction published. Tags make it easy to group servers by different
- # logical properties.
- #tags: ["service-X", "web-tier"]
- # Uncomment the following if you want to ignore transactions created
- # by the server on which the shipper is installed. This option is useful
- # to remove duplicates if shippers are installed on multiple servers.
- #ignore_outgoing: true
- ############################# Logging #########################################
- #logging:
- # selectors: []
- #
- # # Rotator config
- # files:
- # path:
- # name:
- # rotateEveryBytes:
- # keepFiles:
- # to_syslog: false
- # to_files: false
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement