feblilac closed 6 years ago
Hi,
Please format your config YAML with triple-ticks ( ``` ) so that it's valid and readable.
Thanks.
Hi, the config YAML is like this:

```yaml
filebeat.prospectors:
- type: log
  # Change to true to enable this prospector configuration.
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /xx/xx/xx/xx/*
  # Exclude lines. A list of regular expressions to match. It drops the lines that are
  # matching any regular expression from the list.
  exclude_lines: ['INFO']
  # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
  multiline.pattern: ^[0-2][0-2][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-2][0-9]:[0-5][0-9]:[0-5][0-9].[0-9][0-9][0-9]
  # Defines if the pattern set under pattern should be negated or not. Default is false.
  multiline.negate: true
  # Match can be set to "after" or "before". It is used to define if lines should be appended to a pattern
  # that was (not) matched before or after or as long as a pattern is not matched based on negate.
  # Note: After is the equivalent to previous and before is the equivalent to next in Logstash
  multiline.match: after

#============================= Filebeat modules ===============================
filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml
  # Set to true to enable config reloading
  reload.enabled: false

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["x.x.x.x:5044","x.x.x.x:5044"]
  loadbalance: true
  worker: 2

#================================ Logging =====================================
# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
logging:
  level: warning
  to_files: true
  files:
    path: /usr/share/filebeat/logs
    name: filebeat.log
    keepfiles: 7
```
By default the container is started with `-e`, which causes all logging to go to stderr so that things like `docker logs` work as expected.
To override this behavior you can pass in `-e=false` as an argument.
Thanks! The problem has been solved.
For confirmed bugs, please report:
Set the config file `/xxxx/filebeat/config/filebeat.yml` like this:

```yaml
logging.level: info
logging.to_files: true
logging.files:
  path: /usr/share/filebeat/logs
  name: filebeat
  keepfiles: 7
  permissions: 0664
```

and then run the docker container:

```
docker run -d --restart=always --name=filebeat \
  -v /xxxx/filebeat/logs/:/usr/share/filebeat/logs \
  -v /xxxx/filebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml \
  docker.elastic.co/beats/filebeat:6.2.3
```
but there is no log file in "/xxxx/filebeat/logs/" on the VM, and also no file in "/usr/share/filebeat/logs" in the container.