From aa647953e0976e1f26ab241e42beaca371112f91 Mon Sep 17 00:00:00 2001
From: Mohammed Naser <mnaser@vexxhost.com>
Date: Thu, 27 Sep 2018 14:54:51 -0400
Subject: [PATCH] Refactor Filebeat configuration file
- Avoid checking item by item, we always enable modules and
prospectors, with an option to disable with opt-in
- Updated MySQL and Apache modules to point to right path
- Improved and clean-up tagging
- All the prospectors are managed using a variable
Change-Id: I2a091669d6a77fd2c89a073cf9071292793e2f6b
---
.../roles/elastic_filebeat/defaults/main.yml | 268 +++++
.../roles/elastic_filebeat/tasks/main.yml | 110 --
.../templates/filebeat.yml.j2 | 1002 +----------------
3 files changed, 304 insertions(+), 1076 deletions(-)
diff --git a/elk_metrics_6x/roles/elastic_filebeat/defaults/main.yml b/elk_metrics_6x/roles/elastic_filebeat/defaults/main.yml
index ade4e066..0a6dae1a 100644
--- a/elk_metrics_6x/roles/elastic_filebeat/defaults/main.yml
+++ b/elk_metrics_6x/roles/elastic_filebeat/defaults/main.yml
@@ -14,3 +14,271 @@
# limitations under the License.
filebeat_service_state: restarted
+filebeat_oslo_log_multiline_config:
+ pattern: '^[0-9-]{10} +[0-9:\.]+ +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
+ negate: true
+ match: after
+filebeat_prospectors:
+ - type: log
+ enabled: "{{ filebeat_repo_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*repo_container*/apt-cacher-ng/apt-cacher.*
+ - /openstack/log/*repo_container*/pypiserver/*.log
+ - /openstack/log/*repo_container*/rsyncd.log
+ tags:
+ - infrastructure
+ - repo-server
+ - type: log
+ enabled: "{{ filebeat_haproxy_enabled | default(true) }}"
+ paths:
+ - /var/log/haproxy/*.log
+ tags:
+ - infrastructure
+ - haproxy
+ - type: log
+ enabled: "{{ filebeat_rabbitmq_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*rabbit*/rabbitmq/*.log
+ - /openstack/log/*rabbit*/rabbitmq/log/*.log
+ - /var/log/rabbitmq/*.log
+ - /var/log/rabbitmq/log/*.log
+ multiline:
+ pattern: '^='
+ negate: true
+ match: after
+ tags:
+ - infrastructure
+ - rabbitmq
+ - type: log
+ enabled: "{{ filebeat_ceph_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*ceph*/ceph/ceph-mon.*.log
+ - /var/log/ceph/ceph-mon.*.log
+ tags:
+ - infrastructure
+ - ceph
+ - ceph-mon
+ - type: log
+ enabled: "{{ filebeat_ceph_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*ceph*/ceph/ceph-mgr.*.log
+ - /var/log/ceph/ceph-mgr.*.log
+ tags:
+ - infrastructure
+ - ceph
+ - ceph-mgr
+ - type: log
+ enabled: "{{ filebeat_ceph_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*ceph*/ceph/ceph-osd.*.log
+ - /var/log/ceph-osd.*.log
+ tags:
+ - infrastructure
+ - ceph
+ - ceph-osd
+ - type: log
+ enabled: "{{ filebeat_keystone_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*keystone*/keystone/keystone.log
+ - /var/log/keystone/keystone.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - keystone
+ # NOTE(mnaser): Barbican ships to Journal
+ - type: log
+ enabled: "{{ filebeat_glance_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*glance*/glance/*.log
+ - /var/log/glance/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - glance
+ # NOTE(mnaser): Cinder ships to journal
+ - type: log
+ enabled: "{{ filebeat_nova_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*nova*/nova/*.log
+ - /var/log/nova/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - nova
+ - type: log
+ enabled: "{{ filebeat_neutron_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*neutron*/neutron/*.log
+ - /var/log/neutron/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - neutron
+ - type: log
+ enabled: "{{ filebeat_heat_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*heat*/heat/*.log
+ - /var/log/heat/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - heat
+ - type: log
+ enabled: "{{ filebeat_designate_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*designate*/designate/*.log
+ - /var/log/designate/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - designate
+ - type: log
+ enabled: "{{ filebeat_swift_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*swift*/account*.log
+ - /var/log/swift/account*.log
+ multiline:
+ pattern: '^[A-Za-z]+[[:space:]]* +[0-9]{1,2} +[0-9:\.]+ +[A-Za-z0-9-]+ container-replicator: +[A-Za-z0-9-\ ]+'
+ negate: false
+ match: after
+ tags:
+ - openstack
+ - swift
+ - swift-account
+ - type: log
+ enabled: "{{ filebeat_swift_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*swift*/container*.log
+ - /var/log/swift/container*.log
+ multiline:
+ pattern: '^[A-Za-z]+[[:space:]]* +[0-9]{1,2} +[0-9:\.]+ +[A-Za-z0-9-]+ account-replicator: +[A-Za-z0-9-\ ]+'
+ negate: false
+ match: after
+ tags:
+ - openstack
+ - swift
+ - swift-container
+ - type: log
+ enabled: "{{ filebeat_swift_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*swift*/object*.log
+ - /var/log/swift/object*.log
+ multiline:
+ pattern: '^[A-Za-z]+[[:space:]]* +[0-9]{1,2} +[0-9:\.]+ +[A-Za-z0-9-]+ object-replicator: +[A-Za-z0-9-\ ]+'
+ negate: false
+ match: after
+ tags:
+ - openstack
+ - swift
+ - swift-object
+ - type: log
+ enabled: "{{ filebeat_swift_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*swift*/proxy*.log
+ - /var/log/swift/proxy*.log
+ tags:
+ - openstack
+ - swift
+ - swift-proxy
+ - type: log
+ enabled: "{{ filebeat_gnocchi_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*gnocchi*/gnocchi/*.log
+ - /var/log/gnocchi/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - gnocchi
+ - type: log
+ enabled: "{{ filebeat_ceilometer_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*ceilometer*/ceilometer/*.log
+ - /var/log/ceilometer/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - ceilometer
+ - type: log
+ enabled: "{{ filebeat_aodh_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*aodh*/aodh/*.log
+ - /var/log/aodh/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - aodh
+ - type: log
+ enabled: "{{ filebeat_ironic_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*ironic*/ironic/*.log
+ - /var/log/ironic/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - ironic
+ - type: log
+ enabled: "{{ filebeat_magnum_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*magnum*/magnum/*.log
+ - /var/log/magnum/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - magnum
+ - type: log
+ enabled: "{{ filebeat_trove_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*trove*/trove/*.log
+ - /var/log/trove/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - trove
+ - type: log
+ enabled: "{{ filebeat_sahara_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*sahara*/sahara/*.log
+ - /var/log/sahara/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - sahara
+ - type: log
+ enabled: "{{ filebeat_octavia_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*octavia*/octavia/*.log
+ - /var/log/octavia/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - octavia
+ - type: log
+ enabled: "{{ filebeat_tacker_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*tacker*/tacker/*.log
+ - /var/log/tacker/*.log
+ multiline: "{{ filebeat_oslo_log_multiline_config }}"
+ tags:
+ - openstack
+ - tacker
+ - type: log
+ enabled: "{{ filebeat_system_enabled | default(true) }}"
+ paths:
+ - /openstack/log/ansible-logging/*.log
+ - /var/log/*.log
+ - /var/log/libvirt/*.log
+ - /var/log/libvirt/*/*.log
+ - /var/log/lxc/*.log
+ tags:
+ - system
+ - type: log
+ enabled: "{{ filebeat_logging_enabled | default(true) }}"
+ paths:
+ - /openstack/log/*/beats/*.log
+ - /openstack/log/*/curator/curator
+ - /openstack/log/*/elasticsearch/*.log
+ - /var/log/beats/*.log
+ - /var/log/curator/curator
+ - /var/log/elasticsearch/*.log
+ tags:
+ - beats
diff --git a/elk_metrics_6x/roles/elastic_filebeat/tasks/main.yml b/elk_metrics_6x/roles/elastic_filebeat/tasks/main.yml
index a73aae7f..63cbfc7c 100644
--- a/elk_metrics_6x/roles/elastic_filebeat/tasks/main.yml
+++ b/elk_metrics_6x/roles/elastic_filebeat/tasks/main.yml
@@ -75,116 +75,6 @@
notify:
- Enable and restart filebeat
-- name: Check for apache
- stat:
- path: /etc/apache2
- register: apache2
-
-- name: Check for auditd
- stat:
- path: /etc/audit
- register: audit
-
-- name: Check for ceph
- stat:
- path: /var/log/ceph
- register: ceph
-
-- name: Check for cinder
- stat:
- path: /var/log/cinder
- register: cinder
-
-- name: Check for glance
- stat:
- path: /var/log/glance
- register: glance
-
-- name: Check for heat
- stat:
- path: /var/log/heat
- register: heat
-
-- name: Check for horizon
- stat:
- path: /var/log/horizon
- register: horizon
-
-- name: Check for httpd
- stat:
- path: /var/log/httpd
- register: httpd
-
-- name: Check for keystone
- stat:
- path: /var/log/keystone
- register: keystone
-
-- name: Check for mysql
- stat:
- path: /var/lib/mysql
- register: mysql
-
-- name: Check for neutron
- stat:
- path: /var/log/neutron
- register: neutron
-
-- name: Check for nginx
- stat:
- path: /var/log/nginx
- register: nginx
-
-- name: Check for nova
- stat:
- path: /var/log/nova
- register: nova
-
-- name: Check for octavia
- stat:
- path: /var/log/octavia
- register: octavia
-
-- name: Check for swift
- stat:
- path: /var/log/swift
- register: swift
-
-- name: Check for rabbitmq
- stat:
- path: /var/lib/rabbitmq
- register: rabbitmq
-
-- name: Check for designate
- stat:
- path: /var/log/designate
- register: designate
-
-- name: Check for osquery
- stat:
- path: /var/log/osquery/osqueryd.results.log
- register: osquery
-
-- name: Set discovery facts
- set_fact:
- apache_enabled: "{{ (apache2.stat.exists | bool) or (httpd.stat.exists | bool) }}"
- nginx_enabled: "{{ nginx.stat.exists | bool }}"
- auditd_enabled: "{{ audit.stat.exists | bool }}"
- mysql_enabled: "{{ (mysql.stat.exists | bool) or (inventory_hostname in groups['galera_all'] | default([])) }}"
- ceph_enabled: "{{ (ceph.stat.exists | bool) or (inventory_hostname in groups['ceph_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*ceph.*') | list | length) > 0) }}"
- cinder_enabled: "{{ (cinder.stat.exists | bool) or (inventory_hostname in groups['cinder_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*cinder.*') | list | length) > 0) }}"
- glance_enabled: "{{ (glance.stat.exists | bool) or (inventory_hostname in groups['glance_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*glance.*') | list | length) > 0) }}"
- heat_enabled: "{{ (heat.stat.exists | bool) or (inventory_hostname in groups['heat_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*heat.*') | list | length) > 0) }}"
- horizon_enabled: "{{ (horizon.stat.exists | bool) or (inventory_hostname in groups['horizon_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*horizon.*') | list | length) > 0) }}"
- keystone_enabled: "{{ (keystone.stat.exists | bool) or (inventory_hostname in groups['keystone_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*keystone.*') | list | length) > 0) }}"
- neutron_enabled: "{{ (neutron.stat.exists | bool) or (inventory_hostname in groups['neutron_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*neutron.*') | list | length) > 0) }}"
- nova_enabled: "{{ (nova.stat.exists | bool) or (inventory_hostname in groups['nova_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*nova.*') | list | length) > 0) }}"
- octavia_enabled: "{{ (octavia.stat.exists | bool) or (inventory_hostname in groups['octavia_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*octavia.*') | list | length) > 0) }}"
- swift_enabled: "{{ (swift.stat.exists | bool) or (inventory_hostname in groups['swift_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*swift.*') | list | length) > 0) }}"
- rabbitmq_enabled: "{{ (rabbitmq.stat.exists | bool) or (inventory_hostname in groups['rabbitmq_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*rabbit.*') | list | length) > 0) }}"
- designate_enabled: "{{ (designate.stat.exists | bool) or (inventory_hostname in groups['designate_all'] | default([])) or (((groups[inventory_hostname + '-host_containers'] | default([])) | select('match', '.*designate.*') | list | length) > 0) }}"
- osquery_enabled: "{{ osquery.stat.exists | bool }}"
-
- name: Drop Filebeat conf file
template:
src: "filebeat.yml.j2"
diff --git a/elk_metrics_6x/roles/elastic_filebeat/templates/filebeat.yml.j2 b/elk_metrics_6x/roles/elastic_filebeat/templates/filebeat.yml.j2
index 5c50c138..4fb50522 100644
--- a/elk_metrics_6x/roles/elastic_filebeat/templates/filebeat.yml.j2
+++ b/elk_metrics_6x/roles/elastic_filebeat/templates/filebeat.yml.j2
@@ -16,7 +16,7 @@ filebeat.modules:
- module: system
# Syslog
syslog:
- enabled: true
+ enabled: "{{ filebeat_syslog_enabled | default(true) }}"
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
@@ -46,34 +46,19 @@ filebeat.modules:
#------------------------------- Apache2 Module ------------------------------
- module: apache2
- # Access logs
access:
- enabled: {{ apache_enabled | bool }}
-
- # Set custom paths for the log files. If left empty,
- # Filebeat will choose the paths depending on your OS.
- #var.paths:
-
- # Prospector configuration (advanced). Any prospector configuration option
- # can be added under this section.
- #prospector:
-
- # Error logs
+ enabled: "{{ filebeat_httpd_enabled | default(true) }}"
+ var.paths:
+ - /openstack/log/*horizon*/horizon/*access.log
error:
- enabled: {{ apache_enabled | bool }}
-
- # Set custom paths for the log files. If left empty,
- # Filebeat will choose the paths depending on your OS.
- #var.paths:
-
- # Prospector configuration (advanced). Any prospector configuration option
- # can be added under this section.
- #prospector:
+ enabled: "{{ filebeat_httpd_enabled | default(true) }}"
+ var.paths:
+ - /openstack/log/*horizon*/horizon/horizon-error.log
#------------------------------- Auditd Module -------------------------------
- module: auditd
log:
- enabled: {{ apache_enabled | bool }}
+ enabled: "{{ filebeat_auditd_enabled | default(true) }}"
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
@@ -195,62 +180,31 @@ filebeat.modules:
#-------------------------------- MySQL Module -------------------------------
- module: mysql
- # Error logs
error:
- enabled: {{ mysql_enabled | bool }}
-
- # Set custom paths for the log files. If left empty,
- # Filebeat will choose the paths depending on your OS.
+ enabled: "{{ filebeat_galera_enabled | default(true) }}"
var.paths:
- - /var/log/mysql_logs
- - /var/log/mysql
-
- # Prospector configuration (advanced). Any prospector configuration option
- # can be added under this section.
- #prospector:
-
- # Slow logs
+ - /openstack/log/*galera*/mysql_logs/galera_server_error.log
+ - /var/log/mysql_logs/galera_server_error.log
slowlog:
- enabled: {{ mysql_enabled | bool }}
-
- # Set custom paths for the log files. If left empty,
- # Filebeat will choose the paths depending on your OS.
- #var.paths:
-
- # Prospector configuration (advanced). Any prospector configuration option
- # can be added under this section.
- #prospector:
+ enabled: false
#-------------------------------- Nginx Module -------------------------------
- module: nginx
- # Access logs
access:
- enabled: {{ nginx_enabled | bool }}
-
- # Set custom paths for the log files. If left empty,
- # Filebeat will choose the paths depending on your OS.
- #var.paths:
-
- # Prospector configuration (advanced). Any prospector configuration option
- # can be added under this section.
- #prospector:
-
- # Error logs
+ enabled: "{{ filebeat_nginx_enabled | default(true) }}"
+ var.paths:
+ - /openstack/log/*repo_container*/nginx/*access.log
+ - /openstack/log/*keystone*/nginx/*access.log
error:
- enabled: {{ nginx_enabled | bool }}
-
- # Set custom paths for the log files. If left empty,
- # Filebeat will choose the paths depending on your OS.
- #var.paths:
-
- # Prospector configuration (advanced). Any prospector configuration option
- # can be added under this section.
- #prospector:
+ enabled: "{{ filebeat_nginx_enabled | default(true) }}"
+ var.paths:
+ - /openstack/log/*repo_container*/nginx/*error.log
+ - /openstack/log/*keystone*/nginx/*error.log
#------------------------------- Osquery Module ------------------------------
- module: osquery
result:
- enabled: {{ osquery_enabled | bool }}
+ enabled: "{{ filebeat_osquery_enabled | default(true) }}"
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
@@ -326,907 +280,23 @@ filebeat.prospectors:
# * stdin: Reads the standard in
#------------------------------ Log prospector --------------------------------
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ designate_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
+{% for p in filebeat_prospectors %}
+- type: {{ p['type'] }}
+ enabled: {{ p['enabled'] }}
paths:
- - /var/log/designate/*.log
- - /openstack/log/*designate*/*.log
- - /openstack/log/*designate*/designate/*.log
-
- ### Multiline options
-
- # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
- multiline.pattern: '^[0-9-]{10} +[0-9:\.]+ +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: true
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
+{% for path in p['paths'] %}
+ - {{ path }}
+{% endfor %}
+{% if 'multiline' in p %}
+ multiline.pattern: '{{ p['multiline']['pattern'] }}'
+ multiline.negate: {{ p['multiline']['negate'] }}
+ multiline.match: {{ p['multiline']['match'] }}
+{% endif %}
tags:
- - openstack
- - designate
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ cinder_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/cinder/*.log
- - /openstack/log/*cinder*/*.log
- - /openstack/log/*cinder*/cinder/*.log
-
- ### Multiline options
-
- # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
- multiline.pattern: '^[0-9-]{10} +[0-9:\.]+ +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: true
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - openstack
- - cinder
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ glance_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/glance/*.log
- - /openstack/log/*glance*/*.log
- - /openstack/log/*glance*/glance/*.log
-
- ### Multiline options
-
- # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
- multiline.pattern: '^[0-9-]{10} +[0-9:\.]+ +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: true
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - openstack
- - glance
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ heat_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/heat/*.log
- - /openstack/log/*heat*/*.log
- - /openstack/log/*heat*/heat/*.log
-
- ### Multiline options
-
- # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
- multiline.pattern: '^[0-9-]{10} +[0-9:\.]+ +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: true
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - openstack
- - heat
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ horizon_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/horizon/*.log
- - /openstack/log/*horizon*/*.log
- - /openstack/log/*horizon*/horizon/*.log
-
- ### Multiline options
-
- # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
- multiline.pattern: '^[0-9-]{10} +[0-9:\.]+ +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: true
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - openstack
- - horizon
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ keystone_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/keystone/*.log
- - /openstack/log/*keystone*/*.log
- - /openstack/log/*keystone*/keystone/*.log
-
- ### Multiline options
-
- # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
- multiline.pattern: '^[0-9-]{10} +[0-9:\.]+ +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: true
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - openstack
- - keystone
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ neutron_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/neutron/*.log
- - /openstack/log/*neutron*/*.log
- - /openstack/log/*neutron*/neutron/*.log
-
- ### Multiline options
-
- # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
- multiline.pattern: '^[0-9-]{10} +[0-9:\.]+ +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: true
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - openstack
- - neutron
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ nova_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/nova/*.log
- - /openstack/log/*nova*/*.log
- - /openstack/log/*nova*/nova/*.log
-
- ### Multiline options
-
- # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
- multiline.pattern: '^[0-9-]{10} +[0-9:\.]+ +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: true
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - openstack
- - nova
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ octavia_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/octavia/*.log
- - /openstack/log/*octavia*/*.log
- - /openstack/log/*octavia*/octavia/*.log
-
- ### Multiline options
-
- # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
- multiline.pattern: '^[0-9-]{10} +[0-9:\.]+ +[0-9]+ +[A-Z]+ +[A-Za-z0-9\._]+ \[|Traceback'
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: true
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - openstack
- - octavia
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ swift_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/swift/account*.log
- - /openstack/log/*swift*/account*.log
-
- ### Multiline options
-
- # Month Day Time Host Python Module Status
- multiline.pattern: '^[A-Za-z]+[[:space:]]* +[0-9]{1,2} +[0-9:\.]+ +[A-Za-z0-9-]+ account-replicator: +[A-Za-z0-9-\ ]+'
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: false
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - openstack
- - swift
- - swift-account
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ swift_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/swift/container*.log
- - /openstack/log/*swift*/container*.log
-
- ### Multiline options
-
- # Month Day Time Host Python Module Status
- multiline.pattern: '^[A-Za-z]+[[:space:]]* +[0-9]{1,2} +[0-9:\.]+ +[A-Za-z0-9-]+ container-replicator: +[A-Za-z0-9-\ ]+'
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: false
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - openstack
- - swift
- - swift-container
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ swift_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/swift/object*.log
- - /openstack/log/*swift*/object*.log
-
- ### Multiline options
-
- # Month Day Time Host Python Module Status
- multiline.pattern: '^[A-Za-z]+[[:space:]]* +[0-9]{1,2} +[0-9:\.]+ +[A-Za-z0-9-]+ object-replicator: +[A-Za-z0-9-\ ]+'
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: false
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - openstack
- - swift
- - swift-object
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ swift_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/swift/proxy*.log
- - /openstack/log/*swift*/proxy*.log
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - openstack
- - swift
- - swift-proxy
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ rabbitmq_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/rabbit*/*.log
- - /openstack/log/*rabbit*/*.log
- - /openstack/log/*rabbit*/rabbit*/*.log
-
- ### Multiline options
-
- multiline.pattern: '^='
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: true
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - rabbitmq
- - infrastructure
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ ceph_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/ceph/ceph-mon.*.log
- - /openstack/log/*ceph*/ceph-mon*.log
-
- ### Multiline options
-
- multiline.pattern: '^[a-z_]* '
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- multiline.negate: false
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- multiline.timeout: 5s
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - ceph-mon
- - ceph
- - infrastructure
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: {{ ceph_enabled | bool }}
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/ceph/ceph-osd.*.log
- - /openstack/log/*ceph*/ceph-osd*.log
-
- # NOTE(mnaser): Workaround for following Ceph bug
- # http://tracker.ceph.com/issues/35716
- exclude_lines:
- - '.*challenging authorizer.*'
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - ceph-osd
- - ceph
- - infrastructure
-
- symlinks: false
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: true
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/beats/*.log
- - /openstack/log/*/beats/*.log
- - /var/log/curator/curator
- - /openstack/log/*/curator/curator
- - /var/log/elasticsearch/*.log
- - /openstack/log/*/elasticsearch/*.log
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- tags:
- - beats
-
- symlinks: false
-
-
-- type: log
-
- # Change to true to enable this prospector configuration.
- enabled: true
-
- # Paths that should be crawled and fetched. Glob based paths.
- # To fetch all ".log" files from a specific level of subdirectories
- # /var/log/*/*.log can be used.
- # For each file found under this path, a harvester is started.
- # Make sure not file is defined twice as this can lead to unexpected behaviour.
- paths:
- - /var/log/*.log
- - /var/log/haproxy/*.log
- - /var/log/libvirt/*.log
- - /var/log/libvirt/*/*.log
- - /var/log/lxc/*.log
- - /openstack/log/ansible-logging/*.log
- #- c:\programdata\elasticsearch\logs\*
-
- # Configure the file encoding for reading files with international characters
- # following the W3C recommendation for HTML5 (http://www.w3.org/TR/encoding).
- # Some sample encodings:
- # plain, utf-8, utf-16be-bom, utf-16be, utf-16le, big5, gb18030, gbk,
- # hz-gb-2312, euc-kr, euc-jp, iso-2022-jp, shift-jis, ...
- #encoding: plain
-
-
- # Exclude lines. A list of regular expressions to match. It drops the lines that are
- # matching any regular expression from the list. The include_lines is called before
- # exclude_lines. By default, no lines are dropped.
- #exclude_lines: ['^DBG']
-
- # Include lines. A list of regular expressions to match. It exports the lines that are
- # matching any regular expression from the list. The include_lines is called before
- # exclude_lines. By default, all the lines are exported.
- #include_lines: ['^ERR', '^WARN']
-
- # Exclude files. A list of regular expressions to match. Filebeat drops the files that
- # are matching any regular expression from the list. By default, no files are dropped.
- #exclude_files: ['.gz$']
-
- # Optional additional fields. These fields can be freely picked
- # to add additional information to the crawled log files for filtering
- #fields:
- # level: debug
- # review: 1
-
- # Set to true to store the additional fields as top level fields instead
- # of under the "fields" sub-dictionary. In case of name conflicts with the
- # fields added by Filebeat itself, the custom fields overwrite the default
- # fields.
- #fields_under_root: false
-
- # Ignore files which were modified more then the defined timespan in the past.
- # ignore_older is disabled by default, so no files are ignored by setting it to 0.
- # Time strings like 2h (2 hours), 5m (5 minutes) can be used.
- #ignore_older: 0
-
- # How often the prospector checks for new files in the paths that are specified
- # for harvesting. Specify 1s to scan the directory as frequently as possible
- # without causing Filebeat to scan too frequently. Default: 10s.
- #scan_frequency: 10s
-
- # Defines the buffer size every harvester uses when fetching the file
- #harvester_buffer_size: 16384
-
- # Maximum number of bytes a single log event can have
- # All bytes after max_bytes are discarded and not sent. The default is 10MB.
- # This is especially useful for multiline log messages which can get large.
- #max_bytes: 10485760
-
- ### Recursive glob configuration
-
- # Expand "**" patterns into regular glob patterns.
- #recursive_glob.enabled: true
-
- ### JSON configuration
-
- # Decode JSON options. Enable this if your logs are structured in JSON.
- # JSON key on which to apply the line filtering and multiline settings. This key
- # must be top level and its value must be string, otherwise it is ignored. If
- # no text key is defined, the line filtering and multiline features cannot be used.
- #json.message_key:
-
- # By default, the decoded JSON is placed under a "json" key in the output document.
- # If you enable this setting, the keys are copied top level in the output document.
- #json.keys_under_root: false
-
- # If keys_under_root and this setting are enabled, then the values from the decoded
- # JSON object overwrite the fields that Filebeat normally adds (type, source, offset, etc.)
- # in case of conflicts.
- #json.overwrite_keys: false
-
- # If this setting is enabled, Filebeat adds a "error.message" and "error.key: json" key in case of JSON
- # unmarshaling errors or when a text key is defined in the configuration but cannot
- # be used.
- #json.add_error_key: false
-
- ### Multiline options
-
- # Mutiline can be used for log messages spanning multiple lines. This is common
- # for Java Stack Traces or C-Line Continuation
-
- # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
- #multiline.pattern: ^\[
-
- # Defines if the pattern set under pattern should be negated or not. Default is false.
- #multiline.negate: false
-
- # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
- # that was (not) matched before or after or as long as a pattern is not matched based on negate.
- # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
- #multiline.match: after
-
- # The maximum number of lines that are combined to one event.
- # In case there are more the max_lines the additional lines are discarded.
- # Default is 500
- #multiline.max_lines: 500
-
- # After the defined timeout, an multiline event is sent even if no new pattern was found to start a new event
- # Default is 5s.
- #multiline.timeout: 5s
-
- # Setting tail_files to true means filebeat starts reading new files at the end
- # instead of the beginning. If this is used in combination with log rotation
- # this can mean that the first entries of a new file are skipped.
- #tail_files: false
-
- # The Ingest Node pipeline ID associated with this prospector. If this is set, it
- # overwrites the pipeline option from the Elasticsearch output.
- #pipeline:
-
- # If symlinks is enabled, symlinks are opened and harvested. The harvester is openening the
- # original for harvesting but will report the symlink name as source.
- symlinks: false
-
- # Backoff values define how aggressively filebeat crawls new files for updates
- # The default values can be used in most cases. Backoff defines how long it is waited
- # to check a file again after EOF is reached. Default is 1s which means the file
- # is checked every second if new lines were added. This leads to a near real time crawling.
- # Every time a new line appears, backoff is reset to the initial value.
- #backoff: 1s
-
- # Max backoff defines what the maximum backoff time is. After having backed off multiple times
- # from checking the files, the waiting time will never exceed max_backoff independent of the
- # backoff factor. Having it set to 10s means in the worst case a new line can be added to a log
- # file after having backed off multiple times, it takes a maximum of 10s to read the new line
- #max_backoff: 10s
-
- # The backoff factor defines how fast the algorithm backs off. The bigger the backoff factor,
- # the faster the max_backoff value is reached. If this value is set to 1, no backoff will happen.
- # The backoff value will be multiplied each time with the backoff_factor until max_backoff is reached
- #backoff_factor: 2
-
- # Max number of harvesters that are started in parallel.
- # Default is 0 which means unlimited
- #harvester_limit: 0
-
- ### Harvester closing options
-
- # Close inactive closes the file handler after the predefined period.
- # The period starts when the last line of the file was, not the file ModTime.
- # Time strings like 2h (2 hours), 5m (5 minutes) can be used.
- #close_inactive: 5m
-
- # Close renamed closes a file handler when the file is renamed or rotated.
- # Note: Potential data loss. Make sure to read and understand the docs for this option.
- #close_renamed: false
-
- # When enabling this option, a file handler is closed immediately in case a file can't be found
- # any more. In case the file shows up again later, harvesting will continue at the last known position
- # after scan_frequency.
- #close_removed: true
-
- # Closes the file handler as soon as the harvesters reaches the end of the file.
- # By default this option is disabled.
- # Note: Potential data loss. Make sure to read and understand the docs for this option.
- #close_eof: false
-
- ### State options
-
- # Files for the modification data is older then clean_inactive the state from the registry is removed
- # By default this is disabled.
- #clean_inactive: 0
-
- # Removes the state for file which cannot be found on disk anymore immediately
- #clean_removed: true
-
- # Close timeout closes the harvester after the predefined time.
- # This is independent if the harvester did finish reading the file or not.
- # By default this option is disabled.
- # Note: Potential data loss. Make sure to read and understand the docs for this option.
- #close_timeout: 0
-
- # Defines if prospectors is enabled
- #enabled: true
+{% for tag in p['tags'] %}
+ - {{ tag }}
+{% endfor %}
+{% endfor %}
#----------------------------- Stdin prospector -------------------------------
# Configuration to use stdin input