Skip to content

Instantly share code, notes, and snippets.

@c0psrul3

c0psrul3/filebeat-index-template.json

Forked from thisismitch/filebeat-index-template.json
Created September 12, 2016 18:09
Show Gist options
  • Save c0psrul3/babd6c707913ca5da681b6f7dfb4329e to your computer and use it in GitHub Desktop.
Save c0psrul3/babd6c707913ca5da681b6f7dfb4329e to your computer and use it in GitHub Desktop.
Download ZIP
Filebeat configuration with comments removed
Raw
filebeat-index-template.json
{
"mappings": {
"_default_": {
"_all": {
"enabled": true,
"norms": {
"enabled": false
}
},
"dynamic_templates": [
{
"template1": {
"mapping": {
"doc_values": true,
"ignore_above": 1024,
"index": "not_analyzed",
"type": "{dynamic_type}"
},
"match": "*"
}
}
],
"properties": {
"@timestamp": {
"type": "date"
},
"message": {
"type": "string",
"index": "analyzed"
},
"offset": {
"type": "long",
"doc_values": "true"
},
"geoip" : {
"type" : "object",
"dynamic": true,
"properties" : {
"location" : { "type" : "geo_point" }
}
}
}
}
},
"settings": {
"index.refresh_interval": "5s"
},
"template": "filebeat-*"
}
Raw
filebeat.yml-centos
filebeat:
prospectors:
-
paths:
- /var/log/secure
- /var/log/messages
# - /var/log/*.log
input_type: log
document_type: syslog
registry_file: /var/lib/filebeat/registry
output:
logstash:
hosts: ["elk_server_private_ip:5044"]
bulk_max_size: 1024
tls:
certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
shipper:
logging:
files:
rotateeverybytes: 10485760 # = 10MB
Raw
filebeat.yml-ubuntu
filebeat:
prospectors:
-
paths:
- /var/log/auth.log
- /var/log/syslog
# - /var/log/*.log
input_type: log
document_type: syslog
registry_file: /var/lib/filebeat/registry
output:
logstash:
hosts: ["elk_server_private_ip:5044"]
bulk_max_size: 1024
tls:
certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
shipper:
logging:
files:
rotateeverybytes: 10485760 # = 10MB
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment