Filebeat Configuration
Filebeat
Filebeat is a lightweight shipper for forwarding and centralizing log data. Installed as an agent on your servers, Filebeat monitors the log files or locations that you specify, collects log events, and forwards them either to Elasticsearch or Logstash for indexing (verbatim from Filebeat’s documentation).
For more information on Filebeat, refer to its documentation here.
Helm Installation
Get the IP for the Kloudfuse endpoint with the following kubectl command and pick the ingress-external IP. (Note: if the Kfuse stack is installed with a DNS name or VPC Endpoint, use that address instead of the IP address.)
kubectl get services | grep -i "ingress"
Create a custom_values.yaml (or update an existing yaml used to install filebeat, if modifying an existing filebeat installation) with the following filebeatConfig. Note that any other existing filebeatConfig must be copied over (e.g., from helm-charts/filebeat/values.yaml at 2fd64d0af65f14df7aa01da591919460dabac4b3 · elastic/helm-charts), since this will overwrite the filebeat.yml.
daemonset: # Use deployment, instead of daemonset, if filebeat is configured to run in deployment-mode.
  filebeatConfig:
    filebeat.yml: |
      ...
      setup.ilm.enabled: false
      setup.template.enabled: false
      output.elasticsearch:
        hosts: ["http://<ingress-ip or DNS>/ingester/api/v1/filebeat"] # use http or https depending on whether Kfuse has https enabled
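A pre-install check for the custom_values.yaml described above, as an added example that is not part of the original page or of the Kloudfuse or Elastic code. It extracts the filebeat.yml override and reports missing inputs (the override replaces the chart's filebeat.yml), the two setup flags, and the output URL. The function names and the line-based parsing (not a full YAML parser) are assumptions of this example.

```python
import re
import sys
from urllib.parse import urlparse

INGEST_PATH = "/ingester/api/v1/filebeat"  # path taken from the config on this page

def extract_filebeat_yml(values_text):
    """Return the dedented body of the `filebeat.yml: |` block, or None."""
    lines = values_text.splitlines()
    indent = lambda s: len(s) - len(s.lstrip())
    for i, line in enumerate(lines):
        if re.match(r"\s*filebeat\.yml:\s*\|", line):
            body = []
            for nxt in lines[i + 1:]:
                if nxt.strip() and indent(nxt) <= indent(line):
                    break  # a dedent ends the block scalar
                body.append(nxt)
            pad = min((indent(b) for b in body if b.strip()), default=0)
            return "\n".join(b[pad:] for b in body)
    return None

def lint_values(values_text):
    """Return findings for a custom_values.yaml; an empty list means no findings."""
    cfg = extract_filebeat_yml(values_text)
    if cfg is None:
        return ["no filebeat.yml block found"]
    findings = []
    # The override replaces the chart's whole filebeat.yml, so inputs must be present.
    if not re.search(r"^filebeat\.(inputs|autodiscover)\b", cfg, re.M):
        findings.append("no filebeat.inputs or filebeat.autodiscover: existing config not copied over")
    for key in ("setup.ilm.enabled", "setup.template.enabled"):
        if not re.search(rf"^{re.escape(key)}:[ \t]*false\b", cfg, re.M):
            findings.append(f"{key} is not false")
    m = re.search(r"^output\.elasticsearch:.*\n(?:[ \t]+.*\n)*?[ \t]+hosts:[ \t]*\[(.*?)\]", cfg, re.M)
    urls = re.findall(r"[\"']([^\"']+)[\"']", m.group(1)) if m else []
    if not urls:
        findings.append("output.elasticsearch.hosts is missing")
    for url in urls:
        u = None if "<" in url else urlparse(url)  # "<...>" means a placeholder was left in
        if u is None or not u.hostname or u.path.rstrip("/") != INGEST_PATH:
            findings.append(f"{url} is not a usable http(s)://host{INGEST_PATH} URL")
        elif u.scheme != "https":
            findings.append(f"warning: {url} sends logs in cleartext; use https if Kfuse has it enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_values(open(sys.argv[1]).read())) or "no findings")
```

Run it with the path to custom_values.yaml as the only argument before installing the chart.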
Add the helm repository
helm repo add elastic https://helm.elastic.co
Install filebeat (with the custom_values.yaml