Hello,
I have few apps I would like to monitor on one server.
Filebeat config for app1 looks like below:
filebeat:
inputs:
- fields:
fileset:
module: app1
name: debug
fields_under_root: true
multiline.match: after
multiline.negate: true
multiline.pattern: '^ERROR |WARN '
multiline.timeout: 0.01s
multiline.type: pattern
paths:
- /var/log/app1/app1_debug.log*
scan_frequency: 10s
tags:
- app1
- java
type: log
- exclude_lines:
- ^172\.168\.121\.11
- ^172\.168\.121\.122
- ^.*\/app1\/acert_das
fields:
fileset:
app: app1
module: apache
name: access
fields_under_root: true
paths:
- /var/log/httpd/app1_access_log*
scan_frequency: 15s
tags:
- app1
- apache
type: log
Probably trivial question as I'm new to ELK - can you advice what would be the best way to add e.g. app2 to the config?
Kind regards,