I'm creating a new module to parse proftpd's xferlog log file. I got the parsing ok, but I'm stuck with Elastic Search mappings. I realized, that the mappings are done by uploading the template file filebeat.template.json (I'm using a Debian package) which is automatically done by filebeat.
I created the fileds.yml for the module, but I can't figure out, how to get it inside the filebeat.template.json. Is there an automatic generator for this or do I have to manually change filebeat.template.json?
Generated files are produced when running make update. However, it is not available when you try to extend the installed deb package.
In order to create a new module to Filebeat, you have to clone the Beats repository. There is a guide on how to create Filebeat modules: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules-devguide.html
Thank you for the pointer. I was following the guide you suggested just didn't find out that I had to run make update.
And another cardinal mistake on my part: I was working on the version 7.0.0-alpha1 instead of 5.5.1.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.