FIlebeat running on ubuntu 14.04
Logs are in ubuntu machine and i want to send my remote machine.
input {
beats {
port => 5043
type => "logs"
}
}
output {
elasticsearch {
hosts => "localhost:9200"
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
filebeat:
prospectors:
paths:
- /var/lib/tomcat7/logs/storypulse.log
input_type: log
output:
logstash:
# The Logstash hosts
hosts: ["98.175.99.177:5043"]
# Number of workers per Logstash host.
worker: 1
shipper:
refresh_topology_freq: 10
logging:
files:
rotateeverybytes: 10485760 # = 10MB
steffens
February 18, 2016, 6:05pm
2
The filebeat config looks off.
yaml is sensitive to indendation. make sure to use spaces for indentation only
prospectors expects a list of configs all beginning with -
filebeat is running fine i tried debugging it.
I didnt understand what does this mean. Can please explain in layman terms.
This is the debug output.
andrewkroh
February 19, 2016, 5:33pm
4
steffens
February 19, 2016, 5:33pm
5
from docs:
filebeat:
prospectors:
-
paths:
- /var/log/system.log
- /var/log/wifi.log
-
paths:
- "/var/log/apache2/*"
multiple prospectors are defined each starting with -
connecting error publishing events retrying:dail tcp 98.xx.xx.xxx:5043 i/o timeout send fail how can i overcome this?
some times in filebeat we can see data that is no the problem the data that is shown during debug of filebeat is not visible in my ES
Thanks for commenting we got it working. We just opened the port 5043 in the firewall and its working now.
