JournalBeat Logstash configuration

moriol · November 13, 2017, 4:04pm

I am trying to get the JournalBeat installed and working, so it can take my systemd logs and send them to ElasticSearch. I am running Centos 7.3.

The steps I completed:

I have downloaded the zip file file from https://github.com/mheese/journalbeat and extracted the contents under /usr/local/bin.
2)I have my journalbeat.yml file placed under /usr/local/bin/journalbeat-master/etc
3)I have Logstash configuration as follows:
input {
beats {
port => 5044
}
}
filter {
if [type] == "journal" {
json {
source => "message"
skip_on_invalid_json => true
}
}
}

output {
elasticsearch {
hosts => [ "127.0.0.1:9200" ]
index => "syslog-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
4)I started logstash with the configuration file and see that I am listening on port 5044.

I do not see any systemd output in my console or anything in the index.
Can you please let me know how to configure this correctly?

moriol · November 13, 2017, 5:02pm

I managed to get journalbeat installed and possible to start, thanks to this thread:

How can I get this to take my logs from systemd and send them to ES?

moriol · November 22, 2017, 1:23pm

The answer is to specify specific services you want to monitor in journalbeat.yml, under units section, for example:
units: ["sshd.service"]

system · December 11, 2017, 4:04pm

This topic was automatically closed after 28 days. New replies are no longer allowed.

Topic		Replies	Views
How to send an application (systemd service) logs to Logstash using Journalbeat? Beats journalbeat	3	4272	November 4, 2022
How to send an application (systemd service) logs to Logstash? Beats journalbeat	2	931	January 8, 2020
Filebeat, Logstash issue Beats filebeat	3	340	October 3, 2019
Filebeat failing Beats filebeat	2	329	October 7, 2019
Journalbeat + monitoring API Beats	2	1014	December 20, 2017

JournalBeat Logstash configuration

Related topics