How I can fetch the apache and node logs through filebeat

Priya_Kapoor · August 31, 2020, 8:40am

Both the logs are on same server. I am using filebeat 7.8.0 and want both the apache and node logs on different index.

warkolm · August 31, 2020, 9:50am

Welcome to our community!

Have you looked at the Apache module for Filebeat?

Priya_Kapoor · August 31, 2020, 10:14am

Hey Thanks for responding and I checked apache module it is working fine but now want to fetch the node logs also can you please help me out in that?

warkolm · August 31, 2020, 10:31am

There's no module for that, you will likely just need the file input and consider setting up your own ingest pipeline to process and structure the events.

Priya_Kapoor · August 31, 2020, 10:41am

Can we use the same filebeat.yml config file for apache module and node logs? Because for apache module we are using the elasticsearch output and for node we have to use the logstash output.

warkolm · September 1, 2020, 6:14am

You would need to add a tag to the different logs, and then use a conditional in the output to send them to their specific endpoints.

Priya_Kapoor · September 2, 2020, 6:27am

Rephrasing my question again: My ELK setup is on one server and my Apache and node logs are on different server I want to fetch both the logs through logstash, so I tried "type" & conditional both the things in logstash config file but it is not creating the index separately for both the logs. So, I tried this approach that I enabled the apache module and set the output to elasticsearch in filebeat as filebeat already provide the apache dashboard. Now if I want to fetch the node logs I want to either create a other filebeat instance because I want to fetch the node logs through logstash which is on other server, (if I followed this approach for multiple instance of filebeat I don't know how to do configuration for that) and by setting output as elasticsearch it will not work because my ELK setup is on different server and I want to create a separate index through logstash which is on other server. (I am new to this so I think not able to explain it clearly or not able to tell you the right approach which I am trying but still tried this time to explain it in more descriptiv manner)

warkolm · September 2, 2020, 9:02pm

Can you share the configs you have built so far?

system · September 30, 2020, 11:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.