Use ${hostname} in var.paths

shiv94 · November 5, 2018, 7:42pm

Having 3 nodes in a cluster, enabled elasticsearch module and setting the var.paths to elasticsearch logs path. In these 3 nodes logs are at /var/log/elasticsearch/{hostname}/*.log. Trying to replace the var.paths in all the nodes at once by using /var/log/elasticsearch/{hostname}/*.log

module: elasticsearch
server:
enabled: true
var.paths: ["/var/log/elasticsearch/${hostname}/*.log"]

gc:
enabled: true
var.paths: ["/var/log/elasticsearch/${hostname}/gc.log.[0-9]*"]

Can we add the parameter hostname directly or do we have any other option? Please help me out.

kvch · November 6, 2018, 11:03am

Filebeat can be parametrized using environment variables in the configuration file: https://www.elastic.co/guide/en/beats/filebeat/6.4/using-environ-vars.html

shiv94 · November 7, 2018, 8:56pm

I enabled the elasticsearch module and changed the var.paths as following

module: elasticsearch
server:
enabled: true
var.path: ["/var/log/elasticsearch/server1/* .log"]
gc:
enabled: true
var.paths: ["/var/log/elasticsearch/server1/gc.log.[0-9]*"]

audit:
enabled: true
var.paths: ["/var/log/elasticsearch/server1/*_access.log"]

slowlog:
enabled: true
var.paths: ["/var/log/elasticsearch/server1/*_index_search_slowlog.log"]

deprecation:
enabled: true
var.paths: ["/var/log/elasticsearch/server1/*_deprecation.log"]

In the filebeat logs configured path for server logs is showing as "/var/log/elasticsearch/*.log" its considering the default path why?

2018-11-07T15:45:20.339-0500 INFO crawler/crawler.go:72 Loading Inputs: 1
2018-11-07T15:45:20.344-0500 INFO log/input.go:138 Configured paths: [/var/log/elasticsearch/server1/* _access.log]
2018-11-07T15:45:20.345-0500 INFO log/input.go:138 Configured paths: [/var/log/elasticsearch/server1/* _deprecation.log]
2018-11-07T15:45:20.390-0500 INFO log/input.go:138 Configured paths: [/var/log/elasticsearch/server1/gc.log.[0-9]* ]
2018-11-07T15:45:20.391-0500 INFO log/input.go:138 Configured paths: [/var/log/elasticsearch/ * .log]
2018-11-07T15:45:20.392-0500 INFO log/input.go:138 Configured paths: [/var/log/elasticsearch/server1/* _index_search_slowlog.log]
2018-11-07T15:45:23.282-0500 INFO log/input.go:138 Configured paths: [/var/log/logstash/logstash-plain*.log]
2018-11-07T15:45:23.283-0500 INFO log/input.go:138 Configured paths: [/var/log/logstash/logstash-slowlog-plain*.log]
2018-11-07T15:45:23.323-0500 INFO log/input.go:138 Configured paths: [/var/log/auth.log* /var/log/secure*]
2018-11-07T15:45:23.364-0500 INFO log/input.go:138 Configured paths: [/var/log/messages* /var/log/syslog*]
2018-11-07T15:45:23.364-0500 INFO crawler/crawler.go:106 Loading and starting Inputs completed. Enabled inputs: 0

shiv94 · November 8, 2018, 1:39pm

can anyone help me with this?

kvch · November 8, 2018, 2:43pm

It's possible your configuration is incorrect. Could you please format it using </>, so whitespaces are preserved?

shiv94 · November 8, 2018, 3:25pm

Works, Thanks!

system · December 6, 2018, 3:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.