Hi,
I do use on client side top, packet and filebeat.
The filebeat service ready log file which is json formatted per line.
filebeat.yml
filebeat:
prospectors:
-
paths:
- /srv/ucweb/logs/main*.txt
input_type: log
output:
logstash:
hosts: ["xxxxxx"]
index: filebeat
On server side all beat services first send their data to a logstash with beat import
logstash.config on server:
input {
beats {
port => 5044
# codec => "json_lines"
type => "packetbeat"
}
}
output {
elasticsearch {
hosts => "127.0.0.1:9200"
manage_template => false
index => "%{[@metadata][beat]}"
document_type => "%{[@metadata][type]}"
}
}
My problem is that the JSON content from the logs are just a string in the elasticsearch db. Under the "message" tag. If I comment in codec => "json_lines" no data from filebeat is imported to elasticsearch.
Thank you very much