Filebeat / Send Logs

Elastic Stack Beats
1

Hi

I am very new to Elastic and I have set up a lab, with componenets from the 5.6.4 stack (ElasticSearch/LogStash/Kibana/FileBeat)

I have set up a node with FileBeat and can see the logs in Kibana.

My question is, I would like the filebeat agent to look at the logs which are in the yaml file every 5 or 15 minutes and then to send the logs which have new enteries to logstash, but Im not sure how you could do this?

Anyone have any thoughts on this?

Rudee

2

That's exactly what Filebeat is build for. Filebeat will scan files matching the paths glob patterns every now and then (scan_frequency setting). Whenever a log file has been updated, new lines appended to the file will be published.

3

Thanks :slight_smile:

Elastic Fantastic!!!! :slight_smile:

1 Like
4

I have configured the scan_frequency but its not sending the data, any one have any ideas?

rgds

#=========================== Filebeat prospectors =============================

filebeat.prospectors:

Each - is a prospector. Most options can be set at the prospector level, so

you can use different prospectors for various configurations.

Below are the prospector specific configurations.

  • input_type: log

    Paths that should be crawled and fetched. Glob based paths.

    paths:

    - /var/log/*.log

    -/var/log/messages
    -/var/log/secure
    #- c:\programdata\elasticsearch\logs*
    scan_frequency: 60s

    Exclude lines. A list of regular expressions to match. It drops the lines that are

    matching any regular expression from the list.

    #exclude_lines: ["^DBG"]

5

After reading the docs, and cleaning up the filebeat.yml file I managed to get it to work.

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.