Elastic Search Beat


(Teacups Joe) #1

I was wondering how to customize the beats that are already available, how to direct the logs, and to what extremes we can customize the beats?


(Magnus Bäck) #2

The documentation of each beat should describe how its behavior can be customized.


(Teacups Joe) #3

Oh okay, I just checked out some of the documentation and it does seem like a simple .config file in each directory within the main beat program is the solution.

So would a document for a beat always be a .config file?

And I am assuming they would generally look like this? Or would each beat have a different format/file that must be applied?

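filebeat:
  prospectors:
    - paths:
        # single quotes: backslashes inside a double-quoted YAML string are escape sequences
        - 'C:\user\desktop'
      document_type: apache
      exclude_lines: ["teehee"]
      include_lines: ["^ERR", "^WARN"]
    - paths:
        - C:\user\desktop
  # kept under the single filebeat: key; a repeated top-level key is not valid YAML
  config_dir: C:\user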

And for this particular example, I am assuming it will be within the main filebeat path where the .yml, json, etc. documents are.

And thank you for the help =]


(Magnus Bäck) #4

> So would a document for a beat always be a .config file?

I'm afraid I don't understand this question.

> And I am assuming they would generally look like this? Or would each beat have a different format/file that must be applied?

Yes, I believe all configuration files are in YAML format. The exact contents obviously depend on the Beat.

> And for this particular example, I am assuming it will be within the main filebeat path where the .yml, json, etc. documents are.

You mean where the configuration file should be stored? I don't know the Windows conventions for that. I'd keep it out of the program's installation directory but technically you can put the file anywhere.


(Teacups Joe) #5

For the question about the .config file, can a beat customizer document be of any type of file? Or does it always have to consistently be a config document?

Ahh, I see that if I put the configuration file anywhere I just have to input
config_dir: pwd/ filebeat.config
and do I have to specify the filebeat, or can I just input .config and it would presumably scan all the configuration documents within the dir?

And once again, much thanks and all the help is really awesome =]


(Teacups Joe) #6

Also, does everything have to be under prospectors, or can they be a separate segment like registry_files: and such?


(Teacups Joe) #7

Sorry for piling on the questions, but in particular for filebeat, would I change this all within the yml, and if I add that direct example would it theoretically look at all the apache files within that path with ^err and ^warn included lines?

Much thanks


(Magnus Bäck) #8

> Sorry for piling on the questions, but in particular for filebeat, would I change this all within the yml, and if I add that direct example would it theoretically look at all the apache files within that path with ^err and ^warn included lines?

I'm not sure exactly what you're asking but the answer is probably "yes".
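
How the include_lines and exclude_lines patterns from the configuration in post #3 select lines, as an added example that is not part of the original thread and is not Filebeat's own code. It assumes the order given in the Filebeat documentation (include_lines is applied first, then exclude_lines), uses Python's `re` module as a stand-in for Filebeat's regular-expression engine, and runs on constructed sample lines; `keep_line` and `shipped` are hypothetical helper names.

```python
import re

# Patterns copied from the configuration posted in this thread.
INCLUDE_LINES = ["^ERR", "^WARN"]
EXCLUDE_LINES = ["teehee"]


def keep_line(line, include=INCLUDE_LINES, exclude=EXCLUDE_LINES):
    """Return True if a line would be shipped under these filter settings.

    Assumed semantics: include_lines is applied first, then exclude_lines;
    matching any one pattern in a list is enough; an empty include list
    keeps every line. Matching is case-sensitive.
    """
    if include and not any(re.search(p, line) for p in include):
        return False
    if any(re.search(p, line) for p in exclude):
        return False
    return True


# Constructed sample lines, not taken from a real log.
SAMPLE_LINES = [
    "ERR disk quota exceeded",
    "WARN retrying connection",
    "ERR teehee this one is excluded",
    "err lowercase does not match ^ERR",
    "INFO service started",
    "[Mon Jan 01 00:00:00 2018] [error] ERR appears mid-line only",
]


def shipped(lines=SAMPLE_LINES):
    """Return the subset of lines that pass both filters."""
    return [line for line in lines if keep_line(line)]


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print("ship" if keep_line(line) else "drop", "|", line)
```

Because `^` anchors at the start of the line, a line that begins with a bracketed timestamp is dropped even when it contains ERR later on, and lowercase `err` does not match `^ERR`.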

