Configuration for ELK+filebeat with docker-compose

Govinda8594 · June 30, 2020, 7:28am

Hello Team, i am new to ELK and i have problem with setting this configuration ,My filebeat.yml is taking input from docker log (with respective file path) and send this log to logstash for indexing based on log file but i am not able to generating indexing for each log file. i am sharing my filebeat.yml file and logstash.conf file so help me correct my mistake

Here filebeat.yml file

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - '/var/lib/docker/containers/7b340f91ed9f4ebb9966fe68b915ed65ccc24051614c8a6c564c184e6042a89a/7b340f91ed9f4ebb9966fe68b915ed65ccc24051614c8a6c564c184e6042a89a-json.log'
  fields:
    log_type: eureka-service 
    
- type: log
  enabled: true
  paths:
    - '/var/lib/docker/containers/41036a6132a000a2d1efdd05a8acb1fe7df427fbe0113015de2fc7256f426179/41036a6132a000a2d1efdd05a8acb1fe7df427fbe0113015de2fc7256f426179-json.log'
  fields:
    log_type: zuul-service
    
- type: log
  enabled: true
  paths:
    - '/var/lib/docker/containers/ee5cb84dd68d7ce7e2730d5388939604be13c1786da15e883e4cc2863b5dbf43/ee5cb84dd68d7ce7e2730d5388939604be13c1786da15e883e4cc2863b5dbf43-json.log'
  fields:
    log_type: signup-service  
  
  fields_under_root: true
  json.keys_under_root: true
  json.message_key: log  
  encoding: utf-8
  document_type: docker

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

output.logstash:
  hosts: ["logstash:5044"]  

processors:
- decode_json_fields:
    fields: ["log"]
    target: ""
    overwrite_keys: true
- add_docker_metadata: ~

logging.json: true
logging.metrics.enabled: false

here my logstash.conf file

 input {

beats {
port => "5044"
}
}

filter {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} *%{LOGLEVEL:level} [%{DATA:application},%{DATA:minQId},%{DATA:maxQId},%{DATA:debug}] %{DATA:pid} --- *[%{DATA:thread}] %{JAVACLASS:class} *: %{GREEDYDATA:log}" }
overwrite => [ "message" ]
}

}

output {
if [fields][log_type] == "eureka-service"{
elasticsearch {
hosts => ["elasticsearch:9200"]
manage_template => false
index => "eureka-log"
}
}
if [fields][log_type] == "zuul-service"{
elasticsearch {
hosts => ["elasticsearch:9200"]
manage_template => false
index => "zuul-log"
}
}
if [fields][log_type] == "signup-service"{
elasticsearch {
hosts => ["elasticsearch:9200"]
manage_template => false
index => "signup-log"
}
}

   stdout { codec => rubydebug }    


}

system · July 28, 2020, 9:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.