I was wondering how to customize the beats that are already available and how to direct the logs and what extremes can we customize the beats?
The documentation of each beat should describe how its behavior can be customized.
Oh okay, I just checked out some of the documentations and it does seem like a simple .confg file in each directories within the main beat program seem to be the solution.
so would a document for a beat always be a .confg file?
And I am assuming they would generally look like this? or Would each beat have a different format/file that much be applied?
filebeat:
prospectors:
paths:
-"C:\user\desktop"
document_type: apache
exclude_lines: ["teehee"]
include_lines:["^ERR","^WARN"]
paths:
-C:\user\desktop
filebeat:
config_dir:C:\user
And for this particular example, I am assuming it will be within the main filebeat path where the .yml,json,etc documents are.
And thank you for the help =]
so would a document for a beat always be a .confg file?
I'm afraid I don't understand this question.
And I am assuming they would generally look like this? or Would each beat have a different format/file that much be applied?
Yes, I believe all configuration files are in YAML format. That exact contents obviously depends on the Beat.
And for this particular example, I am assuming it will be within the main filebeat path where the .yml,json,etc documents are.
You mean where the configuration file should be stored? I don't know the Windows conventions for that. I'd keep it out of the program's installation directory but technically you can put the file anywhere.
For the question about the .confg file, can a beat customizer document be of any type of file? or does it always have to consistently be a config document.
Ahh i see that if i put the configuration file anywhere I just have to input
config_dir: pwd/ filebeat.config
and do I have to specify the filebeat or can I just input .config and it would presumably scan all the configuration documents within the dir.
And once again, much thanks and all the help is really awesome =]
Also, does everything have to be under prospectors or can they be a separate segment like registry_files: and such
Sorry for the pilling on questions, but in particular for filebeat, would i change this all within the yml and if I add that direct example would it theoretically look at all the apache files within that path with ^err and ^warn included lines?
Much thanks
Sorry for the pilling on questions, but in particular for filebeat, would i change this all within the yml and if I add that direct example would it theoretically look at all the apache files within that path with ^err and ^warn included lines?
I'm not sure exactly what you're asking but the answer is probably "yes".