Trying to add a new module to filebeat (parsing some application access log); In documentation, last steps are missing...(after running build create- fileset) how to wrap the new module, recompile filebaet?
Is this the guide that you have been following? https://www.elastic.co/guide/en/beats/devguide/current/filebeat-modules-devguide.html
After you do that, you can run make update && make to re-build filebeat, see the general contributor guide: https://www.elastic.co/guide/en/beats/devguide/current/beats-contributing.html
What module are you working on?
Yes, this is the guide. I was trying to add a new module to filebeat (handling my own application log).
Is that a must? recompiling filebeat?
What about filebeat docker container? How do I do that inside the container?
For you own application logs, it might be a better option at this point to directly PUT the Ingest node configuration in Elasticsearch. Or you can consider using Logstash instead of Ingest Node as well.
We do plan to make it possible to create Filebeat modules without any developer tools required, but we're not quite there.
Afaik adding new module to filebeat is actually using ingest-mode in elastic...
But I'm asking what are the steps after make module, make fileset, and make fileset-fields.
Recompile filebeat? what about filebeat in docker - should I just copy the new folder created above to it?
It's bit vague..
I tried to put the ingest-mode pipeline directly to ElasticSearch, What to complete in filebeat container?
Thanks
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.