Hi,
Is it possible to use amqp protocol and dump the logs to elasticsearch using packetbeat
Packetbeat supports the AMQP protocol, so I think it should work, yes.
Thanks, i will check that. Couldn't find this in the documentation
I have included the following line in packet beat configuration
interfaces:
device: any
protcolos:
amqp:
ports: [5672]
When i send the message to amqp. I, can't see any events been published in the debug logs apart from these
2016-04-20T17:08:19+05:30 DBG Packet number: 17743
2016-04-20T17:08:19+05:30 DBG decode packet data
2016-04-20T17:08:19+05:30 DBG IPv4 packet
2016-04-20T17:08:19+05:30 DBG TCP packet
2016-04-20T17:08:19+05:30 DBG Ignore empty non-FIN packet
2016-04-20T17:08:19+05:30 DBG Packet number: 17744
2016-04-20T17:08:19+05:30 DBG decode packet data
2016-04-20T17:08:19+05:30 DBG IPv4 packet
2016-04-20T17:08:19+05:30 DBG TCP packet
2016-04-20T17:08:19+05:30 DBG Ignore empty non-FIN packet
But, on running the command , i can see the logs being dumped on my console of the actual packet being transferred
tcpflow -i any -c port 5672
Could you please guide me on this ? I am using the wrong configuration
Sorry, should have mentioned, the AMQP support was added pretty recently so it's only in 5.0.0-alpha1. Can you try that version, please?
Thanks for pointing me to the right version. I could see the amqp events being pushed to elasticsearch. But, responseTime is being populated as 0. I have auto ack enabled in mq. Do you think this could be a configuration issue from our side in rabbit mq.