hreidar/filebeat.yml

## filebeat.yml
filebeat:
    prospectors:
        -
            paths:
                - "/nfsmount/cnr01/ip_leased.log"
            input_type: log
            document_type: ipv4_lease_log
            fields_under_root: true
            fields:
                origin: cnr01
        -
            paths:
                - "/nfsmount/cnr02/ip_leased.log"
            input_type: log
            document_type: ipv4_lease_log
            fields_under_root: true
            fields:
                origin: cnr02
        -
            paths:
                - "/nfsmount/cnr01/ipv6_leased.log"
            input_type: log
            document_type: ipv6_lease_log
            fields_under_root: true
            fields:
                origin: cnr01
            multiline:
                pattern: ^[[:space:]]
                match: after
        -
            paths:
                - "/nfsmount/cnr02/ipv6_leased.log"
            input_type: log
            document_type: ipv6_lease_log
            fields_under_root: true
            fields:
                origin: cnr02
            multiline:
                pattern: ^[[:space:]]
                match: after
        -
            paths:
                - "/nfsmount/back01/i-OSS."
            input_type: log
            document_type: oss
            fields_under_root: true
            fields:
                origin: back01
            multiline:
                pattern: ^(\()
                match: after
        -
            paths:
                - "/nfsmount/cnr01-auto/AUTODISCOVERYFE.log"
            input_type: log
            document_type: autoDiscovery_log
            fields_under_root: true
            fields:
                origin: cnr01

output:
    logstash:
        hosts: ["k8s-c1-w1:31282","k8s-c1-w2:31282","k8s-c1-w3:31282"]
shipper:
logging:
    to_files: true
    files:
        path: /var/log/filebeat
        number_of_files: 5
        rotateeverybytes: 10485760 # = 10MB
    level: error
	filebeat:
	prospectors:
	-
	paths:
	- "/nfsmount/cnr01/ip_leased.log"
	input_type: log
	document_type: ipv4_lease_log
	fields_under_root: true
	fields:
	origin: cnr01
	-
	paths:
	- "/nfsmount/cnr02/ip_leased.log"
	input_type: log
	document_type: ipv4_lease_log
	fields_under_root: true
	fields:
	origin: cnr02
	-
	paths:
	- "/nfsmount/cnr01/ipv6_leased.log"
	input_type: log
	document_type: ipv6_lease_log
	fields_under_root: true
	fields:
	origin: cnr01
	multiline:
	pattern: ^[[:space:]]
	match: after
	-
	paths:
	- "/nfsmount/cnr02/ipv6_leased.log"
	input_type: log
	document_type: ipv6_lease_log
	fields_under_root: true
	fields:
	origin: cnr02
	multiline:
	pattern: ^[[:space:]]
	match: after
	-
	paths:
	- "/nfsmount/back01/i-OSS."
	input_type: log
	document_type: oss
	fields_under_root: true
	fields:
	origin: back01
	multiline:
	pattern: ^(\()
	match: after
	-
	paths:
	- "/nfsmount/cnr01-auto/AUTODISCOVERYFE.log"
	input_type: log
	document_type: autoDiscovery_log
	fields_under_root: true
	fields:
	origin: cnr01

	output:
	logstash:
	hosts: ["k8s-c1-w1:31282","k8s-c1-w2:31282","k8s-c1-w3:31282"]
	shipper:
	logging:
	to_files: true
	files:
	path: /var/log/filebeat
	number_of_files: 5
	rotateeverybytes: 10485760 # = 10MB
	level: error