Filebeat Configuration

Filebeat

Filebeat is a lightweight shipper for forwarding and centralizing log data. Installed as an agent on your servers, Filebeat monitors the log files or locations that you specify, collects log events, and forwards them either to Elasticsearch or Logstash for indexing (verbatim from Filebeat’s documentation).

For more information on Filebeat, refer to its documentation here.

Helm Installation

• Get the IP for the Kloudfuse endpoint with the following kubectl command (note: if kfuse stack is installed with a DNS or VPC Endpoint then use that address instead of IP address)

  kubectl get services | grep -i "ingress". Pick the ingress-external IP.

• Create a custom_values.yaml (or update an existing yaml used to install filebeat, if modifying an existing filebeat installation) with the following filebeatConfig. Note that other existing filebeatConfig must be copied over (e.g., https://github.com/elastic/helm-charts/blob/2fd64d0af65f14df7aa01da591919460dabac4b3/filebeat/values.yaml#L38 ), since this will overwrite the filebeat.yml
  
  

  daemonset: # Use deployment, instead of daemonset, if filebeat is configured to run in deployment-mode. filebeatConfig: filebeat.yml: | ... setup.ilm.enabled: false setup.template.enabled: false output.elasticsearch: hosts: ["http://<ingress-ip or DNS>/ingester/api/v1/filebeat"] # use http or https depending on whether Kfuse has https enabled

• Add the helm repository

  helm repo add elastic https://helm.elastic.co

• Install filebeat (with the custom_values.yaml