Hi,
I've recently been upgrading a few Ubuntu Servers to 16.04LTS and I notice they've been shifting towards systemd and its associated journald for logging.
Does anything special need to be done with Filebeat (or indeed, do I need to wait for Elastic to integrate support) ?
What does your current setup look like? As long as journald writes the logs to files, Filebeat can pick up the files.
Journald is using some binary format which is not understood by filebeat. Another option is to configure journald to use syslog output. Maybe the logstash syslog input plugin can be used here or use syslog to write logs to local file to be pushed by filebeat.
There's also a community beat supporting journald, but I never tried to build this myself: https://github.com/mheese/journalbeat
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.