Filebeat.full.yml Complete

Hi, my ocnfiguration filebeat.yml in like

Filebeat.prospectors:
-input_type: log
Paths:

  • /mnt/analog/file_name_log
    Output.elasticsearch:
    hosts: [“27.49.258.78”]
    protocol: “https”

when i try to upload log with command cat send me some errors.
I think it occurs because i don't config filebeat.full.yml. I don't understand how can i configure that for apache logs. i've tried add my logstash conf

input {
stdin {
}

filter {
grok {
match => {
"message" => '(?:-|%{IPORHOST:clientip}) %{USER:ident} %{USER:auth} [%{HTTPDATE:timestamp}] "%{NOTSPACE:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response:int} (?:-|%{NUMBER:bytes:int}) %{QS:referrer} %{QS:agent}'
}
}
mutate {
add_field => {
"richiesta" => "%{request}"
}
}
mutate {
lowercase => ["request"]
}
date {
match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
target => "@timestamp"
locale => en
}

geoip {
source => "clientip"
}

useragent {
source => "agent"
target => "useragent"
}
}

output {
stdout {
codec => dots {}
}
elasticsearch {
hosts => ["25.528.67.24"]
index => "apache_elastic"
template => "./apache_template.json"
template_name => "apache_elastic"
template_overwrite => false
}
}

When i add this config to filebeat.full.yml sand me lot of error.
What can i do for use filebeat easly like logstash?
thanks for replay. help please

filebeat.full.yml is a reference file. It is not read by Filebeat.

I recommend that you follow the Filebeat getting started guide, and ensure that you have a beats input enabled in your Logstash config (which is covered by the guide).

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.