Hello,
I'm currently installing ELK version 8.10.
My system diagram looks like this:
filebeat -> es cluster
My problem is that my server has multiple logs that need to be collected,
such as nginx, PHP logs, rsyslog ...
I know Filebeat has an nginx module and shows a default dashboard for me.
But I have tried many times and can't do that.
Can someone help me?
output.elasticsearch:
  hosts: ["172.31.19.190:9200"]
  protocol: "https"
  username: "elastic"
  password: "$password"
  ssl.certificate_authorities: ["/etc/filebeat/http_ca.crt"]
  ssl.verification_mode: "certificate"
  indices:
    - index: "repo-php-dev"
      when.contains:
        tags: "php"
    - index: "repo-nginx-dev"
# setup.template.enabled: false
setup.template.name: "repo-nginx-dev"
setup.template.pattern: "repo-nginx-dev"
# I can't use two datastream..? So I only set one for nginx.
filebeat/module/nginx.yml
# Module: nginx
# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-nginx.html
- module: nginx
  # Access logs
  access:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    # var.paths: [ "/var/log/nginx/access.log" ]
    var.paths: [ "/var/log/nginx/*.log" ]
  # Error logs
  error:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: [ "/var/log/nginx/*.log" ]
  # Ingress-nginx controller logs. This is disabled by default. It could be used in Kubernetes environments to parse ingress-nginx logs
  ingress_controller:
    enabled: false
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:
Now my Kibana has two indices, and I've seen my logs coming into the indices,
but when I change the dashboard source to "repo-nginx-dev", it does not work.
In conclusion:
How can I combine filestream and modules in the same Filebeat conf?
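
One way to run the nginx module and a filestream input from the same filebeat.yml, as an added example that is not part of the original post: the module is loaded through `filebeat.config.modules`, while a tagged filestream input collects the PHP log. The PHP log path, the input id and the `ES_PASSWORD` variable name are assumptions; the output settings are copied from the post.

```yaml
# filebeat.yml (added example; path, id and env var name below are assumptions)

# Load module definitions such as modules.d/nginx.yml.
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

# Plain filestream input for a log that has no module.
# The tag is what the output section routes on.
filebeat.inputs:
  - type: filestream
    id: php-app-log              # assumed name; must be unique per filestream input
    paths:
      - /var/log/php/*.log       # hypothetical path
    tags: ["php"]

output.elasticsearch:
  hosts: ["172.31.19.190:9200"]
  protocol: "https"
  username: "elastic"
  # Resolved from the environment or the Filebeat keystore,
  # so the secret is not stored in the config file.
  password: "${ES_PASSWORD}"
  ssl.certificate_authorities: ["/etc/filebeat/http_ca.crt"]
  ssl.verification_mode: "certificate"
  indices:
    # Events from the filestream input above carry the "php" tag.
    - index: "repo-php-dev"
      when.contains:
        tags: "php"
    # No condition: everything else, including nginx module events.
    - index: "repo-nginx-dev"

# Required when the index name differs from the default filebeat-* naming.
setup.template.name: "repo-nginx-dev"
setup.template.pattern: "repo-nginx-dev"
```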