Hi Everyone, We are trying to configure filebeat to collect logs for both OS and DB on the server, but we found that OS logs are collecting database logs are not recieving. Can someone Please help on it.
filebeat.inputs:
- type: log
enabled: true
ignore_older: 72h
paths:
- /var/log/messages
processors:
- add_fields:
fields:
log_type: operating_system
#------------------------------------------------------------------------for DB
- type: log
enabled: true
ignore_older: 72h
paths:
- /data/mysqldata/mysqld.log
processors:
- add_fields:
fields:
log_type: database
#-----------------------------------------------------------------------
close.timeout: 5m
setup.kibana:
host: "*.*.*.*:5601"
filebeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# Set to true to enable config reloading
reload.enabled: true
# Period on which files under path should be checked for changes
#reload.period: 10s
setup.template:
name: 'cli_infra'
pattern: 'cli_infra*'
settings:
index.number_of_shards: 3
index.number_of_replicas: 1
setup.ilm.enabled: false
setup.template.enabled: false
output.elasticsearch:
hosts: ["*.*.*.*:9200","*.*.*.*:9200","*.*.*.*:9200"]
protocol: "https"
username: '88888888'
password: '999999999'
#ssl.truststore.path: /etc/metricbeat/certs/elastic-certificates-http.p12
ssl.verification_mode: none
indices:
- index: 'cli_infra_linux-%{+yyyy.MM.dd}'
when.equals:
fields.log_type: 'operating_system'
- index: 'cli_infra_database-%{[agent.hostname]}-%{+yyyy.MM.dd}'
when.equals:
fields.log_type: 'database'
#ssl.certificateAuthorities: [ "/etc/metricbeat/certs/elasticsearch-http-ca.pem" ]
#================================ Processors =====================================
# Configure processors to enhance or manipulate events generated by the beat.
processors:
- add_host_metadata: ~
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/files
name: filebeat
keepfiles: 3
permissions: 0640