Filebeat hints-based autodiscover with > 2 streams

I'm using hints-based autodiscover for filebeats deployed to a Kubernetes environment. Per the docs, I can direct different streams to different filesets, per the following example for nginx:

co.elastic.logs/module: nginx
co.elastic.logs/fileset.stdout: access
co.elastic.logs/fileset.stderr: error

I'm turning on a module (elasticsearch) that appears to have > 2 filesets (it appears to have 5?).

How can I separate out the filesets in this situation?

I'm not sure if I understand your concern. In general, there are two properties to do that:

I've already seen this part of the documentation and have it implemented. However, specifically for the Elasticsearch module, there appear to be five separate datasets (audit, deprecation, gc, server, and slowlog), and no indication which stream they're sent to with the official Elastic filebeat image (as far as I can tell). Specifically, I'm trying to determine with this whether I can still split the logs by dataset and, if so, how?
