Hi guys.
I'm trying to set up an ELK using Filebeat and Docker.
I've created a new conf file under /etc/logstash/conf.d with the filters that I had from previous tests with ELK years ago.

    # UAT Web industry filter
    if [type] == "uat_web_industry_log" {
      mutate {
        replace => { 'host' => 'uatapp.datacentre.example.com' }
        add_field => {
          'environment' => 'uat'
          'service' => 'web_industry'
        }
      }
      grok {
        match => {
          "message" => "(?m)%{LOGLEVEL:log-level}%{SPACE}%{SPACE}%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{DATA:class}%{SPACE}-%{SPACE}%{GREEDYDATA:message}"
        }
        overwrite => [ 'message' ]
      }
    }

When creating an index pattern in Kibana, I can only create one with filebeat*; if I try something else, it gives me a "Your index pattern doesn't match any indices" error.
How can I make that conf file recognized by ELK?
filebeat.yml:

    # Glob pattern for configuration loading
    path: ${path.config}/modules.d/*.yml
    # Set to true to enable config reloading
    reload.enabled: false

    output:
      logstash:
        enabled: true
        hosts:
          - elk:5044
        timeout: 15
        ssl:
          certificate_authorities:
            - /etc/pki/tls/certs/logstash-beats.crt

    filebeat:
      inputs:
        -
          paths:
            - /var/log/httpd/robot_access_log
          document_type: robot-apache-access
        -
          paths:
            - /var/log/httpd/error_log_robot
          document_type: robot-apache-error