Moving away from logstash-forwarder, and missing a couple of options

Don_Pich · March 11, 2016, 8:55pm

I was able to get the installation and configuration of filebeats working fine with one exception.

I am trying to set the output of my beats to follow the following logstash-forwarder configuration:

"files":
  [
     {
         "paths"  : ["/var/log/exim4/mainlog"],
         "fields" : { "logFormat":"exim4","logType":"mailLog" }
     },
         "paths": ["/var/log/syslog"],
         "fields" : {"logFormat":"debiansyslog","logType":"sysLog"}
     },
     {
        "paths": ["/var/log/auth.log"],
        "fields" : {"logFormat":"debiansyslog","logType":"authLog"}
     }
  ]
}

So my simple understanding of the filebeat.yml file, I tried to put this in:

  prospectors:
    # Exim Mail Logs
    - paths:
      - /var/log/exim4/mainlog
      document_type: mailLog

    # syslog
    - paths:
      - /var/log/syslog
      document_type: sysLog

    # authlog
    - paths:
      - /var/log/auth.log
      document_type: authlog

I have my grok and output filters setup to do stuff with logFormat and logType. So without reinventing the wheel, how can I get the same type of information to pump out of filebeats?

warkolm · March 11, 2016, 11:44pm

Looks like https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html#configuration-fields would do what you want.

Topic		Replies	Views
Multi-File configuration Beats filebeat	7	1483	September 10, 2018
How to configure different types of logs Beats filebeat	4	2444	July 11, 2016
Just cannot have filebeat ouput right! Beats filebeat	2	1315	October 15, 2018
[SOLVED] Filebeat to Logstash best practice Logstash	12	17580	July 17, 2017
Can't send logs from filebeats to logstash Beats filebeat	5	4206	September 21, 2019

Moving away from logstash-forwarder, and missing a couple of options

Related topics