Elk: Difference between revisions

From bibbleWiki
Jump to navigation Jump to search
VisualWikitext
Created page with "=Gotchas= Running logstash cd /usr/share/logstash sudo bin/logstash --path.settings /etc/logstash --config.reload.automatic Running filebeat sudo filebeat -e -c /etc/fileb..."
 
 
Line 16: Line 16:
Enable inputs (turn off by default)
Enable inputs (turn off by default)
   filebeat.inputs:
   filebeat.inputs:
 
  # Each - is an input. Most options can be set at the input level, so
  # Each - is an input. Most options can be set at the input level, so
  # you can use different inputs for various configurations.
  # you can use different inputs for various configurations.

Latest revision as of 06:20, 21 May 2020

Gotchas

Running logstash 

cd /usr/share/logstash
sudo bin/logstash --path.settings /etc/logstash --config.reload.automatic

Running filebeat 

sudo filebeat -e -c /etc/filebeat/filebeat.yml -d "publish"

Turn off elasticsearch or it fails to start 

/etc/filebeat/filebeat.yml

#output.elasticsearch:
 # Array of hosts to connect to.
 #  hosts: ["localhost:9200"]

Enable inputs (turn off by default) 

 filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to true to enable this input configuration.
  enabled: true
Retrieved from "https://www.bibble.co.nz/mediawiki/index.php?title=Elk&oldid=314"