Here's my config file:
[root@web1:/etc/filebeat] #egrep -v "^$|^#|^(.)#" filebeat.yml
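filebeat:
  # One prospector per log family. Every entry sets document_type and
  # repeats it, together with the owning service, under `fields`.
  # Nesting below is restored from a paste that had lost its indentation.
  prospectors:
    # Apache vhosts (ref, beta, dev): access and error logs.
    - paths:
        - /var/log/httpd/jf_ref.example.com_access_log
      document_type: apache_ref_access
      input_type: log
      fields:
        service: apache
        type: apache_ref_access
    - paths:
        - /var/log/httpd/jf_ref.example.com_error_log
      document_type: apache_ref_error
      input_type: log
      fields:
        service: apache
        type: apache_ref_error
    - paths:
        - /var/log/httpd/jf_beta.example.com_access_log
      document_type: apache_beta_access
      input_type: log
      fields:
        service: apache
        type: apache_beta_access
    - paths:
        - /var/log/httpd/jf_beta.example.com_error_log
      document_type: apache_beta_error
      input_type: log
      fields:
        service: apache
        type: apache_beta_error
    - paths:
        - /var/log/httpd/jf_dev.example.com_access_log
      document_type: apache_dev_access
      input_type: log
      fields:
        service: apache
        type: apache_dev_access
    - paths:
        - /var/log/httpd/jf_dev.example.com_error_log
      document_type: apache_dev_error
      input_type: log
      fields:
        service: apache
        type: apache_dev_error

    # PHP error log.
    - paths:
        - /var/log/httpd/jf_php_error.log
      document_type: php
      input_type: log
      fields:
        service: php
        type: php

    # nginx access and error logs.
    - paths:
        - /var/log/nginx/access.log
      document_type: nginx-access
      input_type: log
      fields:
        service: nginx
        type: nginx-access
    - paths:
        - /var/log/nginx/error.log
      document_type: nginx-error
      input_type: log
      fields:
        service: nginx
        type: nginx-error

    # Datastores.
    - paths:
        - /var/log/cassandra/system.log
        - /var/log/cassandra/cassandra.log
      document_type: cassandra
      input_type: log
      fields:
        service: cassandra
        type: cassandra
    - paths:
        - /var/log/mysqld.log
      document_type: mysql
      input_type: log
      fields:
        service: mysql
        type: mysql
    - paths:
        - /var/log/mariadb/mariadb.log
      document_type: mariadb
      input_type: log
      fields:
        service: mariadb
        type: mariadb

    # Mail. The original had `input_type: postfix`; Filebeat accepts only
    # `log` or `stdin` for input_type, so this entry now uses `log` like
    # every other prospector. The postfix label stays in document_type.
    - paths:
        - /var/log/maillog
        - /var/log/mail.log
      document_type: postfix
      input_type: log
      fields:
        service: postfix
        type: postfix

    # Configuration management and base system logs.
    - paths:
        - /var/log/puppet/puppet.log
      document_type: puppet
      input_type: log
      fields:
        service: puppet
        type: puppet
    - paths:
        - /var/log/messages
        - /var/log/syslog
      document_type: syslog
      input_type: log
      fields:
        service: syslog
        type: syslog
    - paths:
        - /var/log/boot.log
        - /var/log/cron
        - /var/log/dmesg
        - /var/log/yum.log
      document_type: system
      input_type: log
      fields:
        service: system
        type: system

    # Authentication log. Its records leave the host over whatever
    # transport output.logstash uses, so review that section with this
    # source in mind.
    - paths:
        - /var/log/secure
      document_type: security
      input_type: log
      fields:
        service: security
        type: security

    - paths:
        - /var/log/varnish/varnish.log
      document_type: varnish
      input_type: log
      fields:
        service: varnish
        type: varnish
    - paths:
        - /var/log/mcollective.log
      document_type: mcollective
      input_type: log
      fields:
        service: mcollective
        type: mcollective

    # Catch-all.
    # NOTE(review): the two paths below are kept exactly as pasted. They
    # look like globs whose wildcard characters were lost in the paste;
    # confirm against the file on disk.
    # NOTE(review): if they are wildcards over /var/log and its
    # subdirectories, they would overlap the explicit prospectors above
    # (the same file shipped under two types). They would also pick up
    # Filebeat's own log under /var/log/filebeat, which at debug level can
    # feed on itself. Narrow the patterns or exclude those files.
    - paths:
        - /var/log/.log
        - /var/log//.log
      document_type: catch_all
      input_type: log
      fields:
        service: catch_all
        # Was `cacth_all`; corrected so it matches document_type and
        # fields.service, which downstream filters are likely keyed on.
        type: catch_all

  # Where Filebeat stores its registry between runs.
  registry_file: /var/lib/filebeat/registry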
output:
  # Single Logstash endpoint for every prospector.
  # NOTE(review): no `tls` section is configured, so events (including
  # the /var/log/secure prospector) are sent unencrypted and the server
  # is not authenticated. Consider `tls.certificate_authorities` here,
  # with TLS enabled on the Logstash input.
  logstash:
    hosts: ['logs.example.com:5000']
    index: filebeat
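shipper:
  # A fixed name replaces the default (the hostname). If this file is
  # deployed to several hosts, make sure events can still be attributed
  # to the machine that produced them.
  name: filebeat
  tags:
    - example-dev
    - web-tier
  ignore_outgoing: true
  refresh_topology_freq: 10
  # Was `logy_expire`, which is not a shipper option. The topology expiry
  # setting that pairs with refresh_topology_freq is `topology_expire`.
  topology_expire: 15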
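logging:
  # debug is very verbose and may copy content from the shipped logs into
  # Filebeat's own log file. Drop to a quieter level once troubleshooting
  # is done.
  level: debug
  to_files: true
  to_syslog: false
  files:
    # NOTE(review): this directory sits under /var/log; make sure no
    # prospector path matches it, or Filebeat will ship its own log.
    path: /var/log/filebeat
    name: filebeat.log
    # Was `files: 7`; the rotation-count key inside logging.files is
    # `keepfiles`.
    keepfiles: 7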
Thanks