Filebeat apache2 configuration

cahlasem · July 13, 2018, 11:10am

Hi All,

I am just trying elastic cloud and want to forward my apache logs into the cloud. I am getting my website up and running using XAMPP

The installation location is at C:\AppServ

I try to enable apache2 module and edit the configuration to meet my apache2 logs location but the logs never shown on the dashboard

This is the configuration i made

module: apache2

Access logs

access:
enabled: true
var.paths: ["C:\AppServ\Apache24\logs\access.log*"]

Error logs

error:
enabled: true
var.paths: ["C:\AppServ\Apache24\logs\error.log*"]
I try to run \filebeat.exe setup but got this error

jsoriano · July 13, 2018, 2:41pm

Hi @cahlasem and welcome!

As the path contains backslashes, they have to be enclosed between single quotes (var.paths: ['C:\AppServ\Apache24\logs\access.log*'] or escaped (with double backslash \\).

cahlasem · July 13, 2018, 3:40pm

Hi @jsoriano Thanks for your help, i think it works now because there is no error when i run filebeat setup. But in the Kibana Dashboard and Discover menu i do not see any logs coming in, i already triggered a lot of logs into my dummy website.
Where to check whether filebeat already sent the logs to the cloud or failed in reading the logs?

jsoriano · July 13, 2018, 5:03pm

You can check filebeat logs, there will appear any error. You can also see in the logs when filebeat starts reading a file on lines like:

INFO    log/harvester.go:228    Harvester started for file: C:\AppServ\Apache24\...

If you don't see any of these lines, check that the paths where apache is writing match the path you configured in var.paths.

cahlasem · July 14, 2018, 3:40am

Now i can get it work, the next problem is that Kibana or Elastic ( i am not sure which one) changed my timestamp into their timezone like seen below. Where is the configuration to make elastic/kibana stick into my logs timestamp?

jsoriano · July 14, 2018, 11:35am

You can use the var.convert_timezone option, that reads the local timezone and uses it to parse the timestamp in the logs and convert it to UTC.

cahlasem · July 15, 2018, 3:03am

Already set var.convert_timezone to true and in the kibana i got beat.timezone field is added, but the conversion to UTC is not made, i am running the latest elasticsearch, kibana and filebeat
Any additional configuration i missed?

Should i add var.convert_timezone in every modules that i enabled? i just tried in system modules only

jsoriano · July 18, 2018, 10:26am

Kibana shows dates in the timezone of your browser by default, you can see the @timestamp value really stored in elasticsearch looking at the JSON tab.

You can change the timezone kibana uses with the dateFormat:tz setting in the Advanced Settings in the management tab.

system · August 1, 2018, 10:32am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.