How to configure Filebeat -> ELK Docker Container correctly?

zoram · October 24, 2016, 3:07pm

Dear All,

I have already installed on my local computer ELK Docker Container and Filebeat.

I could read my local glassfish log directly from Kibana dashboard. But I want that the log file should be forwarding to ELK Container "Logstash" first.

under my ELK Container I found this conf.d folder with the following files

root@4569cf1f66ab:/etc/logstash/conf.d# ls
01-lumberjack-input.conf  02-beats-input.conf  10-syslog.conf  11-nginx.conf  30-output.conf

My current configuration look like here.

filebeat.yml file

################### Filebeat Configuration Example #########################

############################# Filebeat ######################################
filebeat:
  # List of prospectors to fetch data.
  prospectors:
        - /Users/mmlug/Documents/university/project/runtime/glassfish-3.1/glassfish/domains/domain1/logs/server.log
        #- c:\programdata\elasticsearch\logs\*
      input_type: log
      exclude_lines: ["^DBG"]
	  
output:
  ### Elasticsearch as output
  elasticsearch:
	hosts: ["localhost:9200"]

  ### Logstash as output
  #logstash:
    # The Logstash hosts
   	#hosts: ["localhost:5044"]

Step 1 Starting Docker  : sudo docker-compose up elk
Step 2 : sudo ./filebeat -e -c filebeat.yml -d "publish"

When I enable "Logstash" as a output, I always got an errors as below...

Loading config file error: YAML config parsing failed on filebeat.yml: yaml: line 279: found character that cannot start any token. Exiting.

Many thanks in advance.

Best Regards,
Thomas.

ruflin · October 25, 2016, 7:34am

Could it be that your filebeat.yml is much longer then what you posted above? There seems to be a problem on lin 279. Most of the time the issue with yaml is using tabs instead of spaces.

zoram · October 25, 2016, 2:25pm

hi ruflin,

Thanks.! Yes, I could fixed the error.
After editing "02-beats-input.conf" under ":/etc/logstash/conf.d" I could now see the glassfish logs in kibana.

Do you know how I can proper display glassfish multiple line logs in Kibana?

Best Regards,
Thomas

ruflin · October 25, 2016, 3:15pm

That is probably what you are looking for: https://www.elastic.co/guide/en/beats/filebeat/5.0/multiline-examples.html#multiline-examples

zoram · November 1, 2016, 3:32pm

thanks @ruflin

system · November 14, 2016, 3:07pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
Help me - How can I configure firebeat to read log files from log folder Beats filebeat	4	272	October 9, 2023
Filebeat log file input empty in Kibana Beats docker , filebeat	2	395	October 24, 2022
Install & configuration of live logs with logstash (docker) Logstash docker	3	1271	September 8, 2022
I'm lost to why beats isn't passing logs to logstash Beats filebeat	12	1804	May 20, 2021
Help you need to configure log files via filebeat and not logstash Beats docker , filebeat	7	183	March 6, 2024

How to configure Filebeat -> ELK Docker Container correctly?

Related Topics