###################### Filebeat Configuration Example #########################

1. ###################### Filebeat Configuration Example #########################
2.  
3. # This file is an example configuration file highlighting only the most common
4. # options. The filebeat.reference.yml file from the same directory contains all the
5. # supported options with more comments. You can use it as a reference.
6. #
7. # You can find the full configuration reference here:
8. # https://www.elastic.co/guide/en/beats/filebeat/index.html
9.  
10. # For more available modules and options, please see the filebeat.reference.yml sample
11. # configuration file.
12.  
13. # ============================== Filebeat inputs ===============================
14.  
15. filebeat.inputs:
16.  
17. # Each - is an input. Most options can be set at the input level, so
18. # you can use different inputs for various configurations.
19. # Below are the input specific configurations.
20.  
21. #- type: log
22.  
23. # Change to true to enable this input configuration.
24. enabled: true
25.  
26. # Paths that should be crawled and fetched. Glob based paths.
27. paths:
28. #- /var/log/*.log
29. #- c:\programdata\elasticsearch\logs\*
30. - "c:\\screeninglogs\\ressrvc.log"
31. - type: log
32. fields:
33. apache: true
34. fields_under_root: true
35.  
36. # Exclude lines. A list of regular expressions to match. It drops the lines that are
37. # matching any regular expression from the list.
38. #exclude_lines: ['^DBG']
39.  
40. # Include lines. A list of regular expressions to match. It exports the lines that are
41. # matching any regular expression from the list.
42. #include_lines: ['^ERR', '^WARN']
43.  
44. # Exclude files. A list of regular expressions to match. Filebeat drops the files that
45. # are matching any regular expression from the list. By default, no files are dropped.
46. #exclude_files: ['.gz$']
47.  
48. # Optional additional fields. These fields can be freely picked
49. # to add additional information to the crawled log files for filtering
50. #fields:
51. # level: debug
52. # review: 1
53.  
54. ### Multiline options
55.  
56. # Multiline can be used for log messages spanning multiple lines. This is common
57. # for Java Stack Traces or C-Line Continuation
58.  
59. # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
60. #multiline.pattern: ^\[
61.  
62. # Defines if the pattern set under pattern should be negated or not. Default is false.
63. #multiline.negate: false
64.  
65. # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
66. # that was (not) matched before or after or as long as a pattern is not matched based on negate.
67. # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
68. #multiline.match: after
69.  
70. # ============================== Filebeat modules ==============================
71.  
72. filebeat.config.modules:
73. # Glob pattern for configuration loading
74. path: "C:\\Program Files\\Filebeat\\module\\apache\\*.yml"
75. # Set to true to enable config reloading
76. reload.enabled: false
77.  
78. # Period on which files under path should be checked for changes
79. #reload.period: 10s
80.  
81. # ======================= Elasticsearch template setting =======================
82.  
83. setup.template.settings:
84. index.number_of_shards: 1
85. #index.codec: best_compression
86. #_source.enabled: false
87.  
88.  
89. # ================================== General ===================================
90.  
91. # The name of the shipper that publishes the network data. It can be used to group
92. # all the transactions sent by a single shipper in the web interface.
93. #name:
94.  
95. # The tags of the shipper are included in their own field with each
96. # transaction published.
97. #tags: ["service-X", "web-tier"]
98.  
99. # Optional fields that you can specify to add additional information to the
100. # output.
101. #fields:
102. # env: staging
103.  
104. # ================================= Dashboards =================================
105. # These settings control loading the sample dashboards to the Kibana index. Loading
106. # the dashboards is disabled by default and can be enabled either by setting the
107. # options here or by using the `setup` command.
108. #setup.dashboards.enabled: false
109.  
110. # The URL from where to download the dashboards archive. By default this URL
111. # has a value which is computed based on the Beat name and version. For released
112. # versions, this URL points to the dashboard archive on the artifacts.elastic.co
113. # website.
114. #setup.dashboards.url:
115.  
116. # =================================== Kibana ===================================
117.  
118. # Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
119. # This requires a Kibana endpoint configuration.
120. setup.kibana:
121.  
122. # Kibana Host
123. # Scheme and port can be left out and will be set to the default (http and 5601)
124. # In case you specify and additional path, the scheme is required: http://localhost:5601/path
125. # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
126. host: "localhost:5601"
127.  
128. # Kibana Space ID
129. # ID of the Kibana Space into which the dashboards should be loaded. By default,
130. # the Default Space will be used.
131. #space.id:
132.  
133. # =============================== Elastic Cloud ================================
134.  
135. # These settings simplify using Filebeat with the Elastic Cloud (https://cloud.elastic.co/).
136.  
137. # The cloud.id setting overwrites the `output.elasticsearch.hosts` and
138. # `setup.kibana.host` options.
139. # You can find the `cloud.id` in the Elastic Cloud web UI.
140. #cloud.id:
141.  
142. # The cloud.auth setting overwrites the `output.elasticsearch.username` and
143. # `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
144. #cloud.auth:
145.  
146. # ================================== Outputs ===================================
147.  
148. # Configure what output to use when sending the data collected by the beat.
149.  
150. # ---------------------------- Elasticsearch Output ----------------------------
151. output.elasticsearch:
152. # Array of hosts to connect to.
153. hosts: ["localhost:9200"]
154.  
155. # Protocol - either `http` (default) or `https`.
156. #protocol: "https"
157.  
158. # Authentication credentials - either API key or username/password.
159. #api_key: "id:api_key"
160. #username: "elastic"
161. #password: "changeme"
162.  
163. # ------------------------------ Logstash Output -------------------------------
164. #output.logstash:
165. # The Logstash hosts
166. # hosts: ["localhost:5601"]
167.  
168. # Optional SSL. By default is off.
169. # List of root certificates for HTTPS server verifications
170. #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
171.  
172. # Certificate for SSL client authentication
173. #ssl.certificate: "/etc/pki/client/cert.pem"
174.  
175. # Client Certificate Key
176. #ssl.key: "/etc/pki/client/cert.key"
177.  
178. # ================================= Processors =================================
179. processors:
180. - add_host_metadata:
181. when.not.contains.tags: forwarded
182. - add_cloud_metadata: ~
183. - add_docker_metadata: ~
184. - add_kubernetes_metadata: ~
185.  
186. # ================================== Logging ===================================
187.  
188. # Sets log level. The default log level is info.
189. # Available log levels are: error, warning, info, debug
190. #logging.level: debug
191.  
192. # At debug level, you can selectively enable logging only for some components.
193. # To enable all selectors use ["*"]. Examples of other selectors are "beat",
194. # "publish", "service".
195. #logging.selectors: ["*"]
196.  
197. # ============================= X-Pack Monitoring ==============================
198. # Filebeat can export internal metrics to a central Elasticsearch monitoring
199. # cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
200. # reporting is disabled by default.
201.  
202. # Set to true to enable the monitoring reporter.
203. #monitoring.enabled: false
204.  
205. # Sets the UUID of the Elasticsearch cluster under which monitoring data for this
206. # Filebeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
207. # is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
208. #monitoring.cluster_uuid:
209.  
210. # Uncomment to send the metrics to Elasticsearch. Most settings from the
211. # Elasticsearch output are accepted here as well.
212. # Note that the settings should point to your Elasticsearch *monitoring* cluster.
213. # Any setting that is not set is automatically inherited from the Elasticsearch
214. # output configuration, so if you have the Elasticsearch output configured such
215. # that it is pointing to your Elasticsearch monitoring cluster, you can simply
216. # uncomment the following line.
217. #monitoring.elasticsearch:
218.  
219. # ============================== Instrumentation ===============================
220.  
221. # Instrumentation support for the filebeat.
222. #instrumentation:
223. # Set to true to enable instrumentation of filebeat.
224. #enabled: false
225.  
226. # Environment in which filebeat is running on (eg: staging, production, etc.)
227. #environment: ""
228.  
229. # APM Server hosts to report instrumentation results to.
230. #hosts:
231. # - http://localhost:8200
232.  
233. # API Key for the APM Server(s).
234. # If api_key is set then secret_token will be ignored.
235. #api_key:
236.  
237. # Secret token for the APM Server(s).
238. #secret_token:
239.  
240.  
241. # ================================= Migration ==================================
242.  
243. # This allows to enable 6.7 migration aliases
244. #migration.6_to_7.enabled: true
245.  
246.