Below is the config I am currently using with logstash to ship logs to the logstash processing servers. I haven't been able to get the below working in the filebeat.yml config on a test centos 7 server (though I imagine it would be the same for centos 6 or 6.5 servers as well). Does anyone know what the filebeat.yml would look like for the below? Please also note I changed the names of the logs and services and such but the point is I don't know the syntax needed to make the below work.
input {
file {
type => "SomeServices"
add_field => { "index" => "test" }
path => [ "/opt/apache-tomcat-7.0.59/logs/SomeServices-rolling.log" ]
sincedb_path => "/var/log/logstash/.sincedb_SomeServices"
sincedb_write_interval => 5
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601}"
negate => true
what => "previous"
}
}
file {
type => "SomeServices-WOW-DM"
add_field => { "index" => "test" }
path => [ "/opt/apache-tomcat-7.0.59/logs/SomeServices-WOW-DM-rolling.log" ]
sincedb_path => "/var/log/logstash/.sincedb_SomeServices-WOW-DM"
sincedb_write_interval => 5
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601}"
negate => true
what => "previous"
}
}
file {
type => "SomeServicesSup"
add_field => { "index" => "test" }
path => [ "/opt/apache-tomcat-7.0.59/logs/SomeServicesSup-rolling.log" ]
sincedb_path => "/var/log/logstash/.sincedb_SomeServicesSup"
sincedb_write_interval => 5
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601}"
negate => true
what => "previous"
}
}
}