Hi There,
I'm quite new to Beats here; previously I had success shipping logs using Logstash to parse and ship to Redis & ELK.
I would like some advice on Packetbeat. I tried both the rpm and tar packages on my CentOS 6 but it seems nothing happens. The filebeat process seems unresponsive after executing it with my .yml configuration file. Also, there are no logs to check the running process. Is there something wrong with my configuration, shown below?
```
filebeat:
  prospectors:
    paths:
      - /opt/apps/apps_dump/apps_access.log-20151123
    - input_type: log
    - tail_files: true
    - registry_file: /var/lib/filebeat/registry
output:
  logstash:
    enable: true
    hosts: ["192.168.28.202:5044"]
    worker:
    loadbalance: true
    index: mybeat
logging:
  to_files: true
  level: debug
  files:
    path: /var/log/mybeat
    name: mybeat.log
    rotateeverybytes: 10485760
    keepfiles: 7
```
Can anybody also advise what the best configuration on the Logstash side is? Mine is shown below. Since there is no space to put a filter in the Filebeat configuration, does this mean we have to do the filter configuration on the Logstash side instead of the shipper?
```
input {
  beats {
    port => "5044"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
  stdout {
    codec => json
  }
}
```
Thanks in advance.
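The configuration from the post laid out the way a Filebeat 1.x `filebeat.yml` nests its sections, as an added example that is not part of the original post. Assumptions: Filebeat 1.x (the release current in late 2015), `worker: 1` because the post leaves that value blank, and `enable: true` dropped on the assumption that in 1.x an output is active whenever its section is present.

```yaml
filebeat:
  prospectors:
    # Each "-" starts one prospector; paths, input_type and tail_files
    # are keys of that prospector, not separate list items.
    -
      paths:
        - /opt/apps/apps_dump/apps_access.log-20151123
      input_type: log
      # tail_files: true starts reading at the end of the file, so lines
      # already present in a rotated, dated log are never shipped.
      tail_files: true
  # registry_file is a filebeat-level setting, a sibling of prospectors.
  registry_file: /var/lib/filebeat/registry

output:
  logstash:
    hosts: ["192.168.28.202:5044"]
    # Assumed value: the post has "worker:" with nothing after it.
    worker: 1
    loadbalance: true
    index: mybeat

logging:
  to_files: true
  level: debug
  files:
    # The directory must exist and be writable by the user running Filebeat,
    # otherwise no log file appears.
    path: /var/log/mybeat
    name: mybeat.log
    rotateeverybytes: 10485760
    keepfiles: 7
```

Running `filebeat -e -configtest -c <path-to-filebeat.yml>` checks the file and prints any parse error to stderr instead of the log file, which helps when the log directory itself is the problem.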