Filebeat 7

Filebeat Commandline

Filebeat commands

run
Runs Filebeat. This command is used by default if you start Filebeat without specifying a command.

setup
Sets up the initial environment, including the index template, ILM policy and write alias, Kibana dashboards (when available), and machine learning jobs (when available).

test
Tests the configuration.

We can test the config or the output (Elasticsearch or Logstash).

ex: filebeat test config

Config OK

ex: filebeat test output

elasticsearch: https://localhost:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.11.1

version
Shows the current version info.

Helpful Filebeat flags

-E, --E setting=value              Configuration overwrite
-M, --M setting=value              Module configuration overwrite
-N, --N                            Disable actual publishing for testing
-c, --c string                     Configuration file, relative to path.config (default "filebeat.yml")
--strict.perms                     Strict permission checking on config files (default true)
-v, --v                            Log at INFO level
-e, --e                            Log to stderr and disable syslog/file output
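
An added example, not part of the original page or of Filebeat itself: a pre-flight shell check that approximates what --strict.perms enforces before a config file is deployed. It assumes the rule is "owned by the user running Filebeat or by root, and not writable by group or others"; the function name check_beat_config_perms is hypothetical.

```shell
#!/bin/sh
# Added example (not Filebeat code). Assumed rule behind --strict.perms:
#   1. the config file is owned by the current user or by root (uid 0)
#   2. the file is not writable by group or others
# Usage: check_beat_config_perms /etc/filebeat/filebeat.yml
# Returns 0 = compliant, 1 = would be rejected, 2 = not a regular file.
check_beat_config_perms() {
    cfg=$1
    if [ ! -f "$cfg" ]; then
        echo "ERROR: $cfg is not a regular file" >&2
        return 2
    fi

    # The numeric owner uid is the third field of `ls -ln`.
    owner_uid=$(ls -ln -- "$cfg" | awk '{print $3}')
    my_uid=$(id -u)
    if [ "$owner_uid" != "0" ] && [ "$owner_uid" != "$my_uid" ]; then
        echo "FAIL: $cfg is owned by uid $owner_uid, expected $my_uid or 0" >&2
        return 1
    fi

    # -perm -020 / -002 match when the group or other write bit is set.
    loose=$(find "$cfg" -prune \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$loose" ]; then
        echo "FAIL: $cfg is writable by group or others (fix: chmod go-w $cfg)" >&2
        return 1
    fi

    echo "OK: $cfg"
    return 0
}
```

Run it against filebeat.yml and every file under modules.d as the user that starts Filebeat, then confirm with filebeat test config.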

Filebeat index

Default configuration : ILM is used by default if the cluster supports it

Filebeat uses ILM (index lifecycle management) by default when it connects to a cluster that supports lifecycle management.
Filebeat loads the default policy automatically and applies it to any indices created by Filebeat.

Attributes configuration

We need to set the setup.ilm section of filebeat.yml.

The important attributes are :

setup.ilm.enabled :
Valid values are true, false, and auto (the default value).
Enables or disables index lifecycle management on any new indices created by Filebeat.
Auto behavior : Filebeat automatically uses ILM if it is available; otherwise Filebeat creates daily indices.

setup.ilm.rollover_alias :
The index lifecycle write alias name.
The default is filebeat-%{[agent.version]}.
Setting this option changes the alias name. IMPORTANT : If you modify this setting after loading the index template, you must overwrite the template to apply the changes.

setup.ilm.pattern :
The rollover index pattern.
The default is %{now/d}-000001.

Example : rollover index every day

setup.ilm.enabled: auto
setup.ilm.rollover_alias: "filebeat"
setup.ilm.pattern: "{now/d}-000001"