Journalbeat
Материал из noname.com.ua
Journalbeat
Заметка со сниппетом конфига
- Актуально для версии 7.14.0
- Подробнее https://www.elastic.co/guide/en/beats/journalbeat/current/index.html
include_matches: "_SYSTEMD_UNIT=server42.service"
Пример
journalbeat.inputs: - paths: [] id: "server42-vm" #backoff: 1s #max_backoff: 20s seek: cursor #seek: cursor cursor_seek_fallback: head # Exact matching for field values of events. # Matching for nginx entries: "systemd.unit=nginx" include_matches: "_SYSTEMD_UNIT=server42.service" fields: type: "some-type-of-service" field1: "true" firld2: "true" fields_under_root: true output.logstash: hosts: ['logstash-1.domnain.tld:5544', 'logstash-2.domain.tld:5544'] proxy_url: socks5://proxy.domain.tld:1080 loadbalance: true ssl.supported_protocols: ['TLSv1.1', 'TLSv1.2'] ssl.certificate_authorities: ['/etc/ssl/ca_cert.pem'] ssl.certificate: '/etc/ssl/logstash_cli_cert.pem' ssl.key: '/etc/ssl/logstash_cli_key.pem' processors: - add_host_metadata: ~ - add_cloud_metadata: ~ - add_docker_metadata: ~ # Example: enable for debug #output.file: # path: "/tmp" # filename: journalbeat