Hi, my ocnfiguration filebeat.yml in like
Filebeat.prospectors:
-input_type: log
Paths:
- /mnt/analog/file_name_log
Output.elasticsearch:
hosts: [“27.49.258.78”]
protocol: “https”
when i try to upload log with command cat send me some errors.
I think it occurs because i don't config filebeat.full.yml. I don't understand how can i configure that for apache logs. i've tried add my logstash conf
input {
stdin {
}filter {
grok {
match => {
"message" => '(?:-|%{IPORHOST:clientip}) %{USER:ident} %{USER:auth} [%{HTTPDATE:timestamp}] "%{NOTSPACE:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response:int} (?:-|%{NUMBER:bytes:int}) %{QS:referrer} %{QS:agent}'
}
}
mutate {
add_field => {
"richiesta" => "%{request}"
}
}
mutate {
lowercase => ["request"]
}
date {
match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
target => "@timestamp"
locale => en
}
geoip {
source => "clientip"
}
useragent {
source => "agent"
target => "useragent"
}
}
output {
stdout {
codec => dots {}
}
elasticsearch {
hosts => ["25.528.67.24"]
index => "apache_elastic"
template => "./apache_template.json"
template_name => "apache_elastic"
template_overwrite => false
}
}
When i add this config to filebeat.full.yml sand me lot of error.
What can i do for use filebeat easly like logstash?
thanks for replay. help please