youtubebeat/vendor/github.com/elastic/beats/filebeat/docs/modules/logstash.asciidoc

////
This file is generated! See scripts/docs_collector.py
////

[[filebeat-module-logstash]]
:modulename: logstash
:has-dashboards: true

== Logstash module

The +{modulename}+ module parse logstash regular logs and the slow log, it will support the plain text format
and the JSON format (--log.format json). The default is the plain text format.

include::../include/what-happens.asciidoc[]

The +{modulename}+ module has two filesets:

* The `log` fileset collects and parses the logs that Logstash writes to disk.
* The `slowlog` fileset parses the logstash slowlog.


For the `slowlog` fileset, make sure to configure the
{logstashdoc}/logging.html#_slowlog[Logstash slowlog option].

[float]
=== Compatibility

The Logstash `log` fileset was tested with logs from Logstash 5.6 and 6.0.

The Logstash `slowlog` fileset was tested with logs from Logstash 5.6 and 6.0

include::../include/running-modules.asciidoc[]

[float]
===  Example dashboards

This module comes with two sample dashboards.

[role="screenshot"]
image::./images/kibana-logstash-log.png[]

[role="screenshot"]
image::./images/kibana-logstash-slowlog.png[]

include::../include/configuring-intro.asciidoc[]

The following example shows how to set paths in the +modules.d/{modulename}.yml+
file to override the default paths for Logstash logs and set the format to json

["source","yaml",subs="attributes"]
-----
- module: logstash
  log:
    enabled: true
    var.paths: ["/path/to/log/logstash.log*"]
    format: json
  slowlog:
    enabled: true
    var.paths: ["/path/to/log/logstash-slowlog.log*"]
    format: json
-----

To specify the same settings at the command line, you use:

["source","sh",subs="attributes"]
-----
-M "logstash.log.var.paths=[/path/to/log/logstash/logstash-server.log*]" -M "logstash.slowlog.var.paths=[/path/to/log/logstash/logstash-slowlog.log*]"
-----


//set the fileset name used in the included example
:fileset_ex: log

include::../include/config-option-intro.asciidoc[]


[float]
==== `log` fileset settings

include::../include/var-paths.asciidoc[]

*`var.format`*::

The configured Logstash log format. Possible values are: `json` or `plain`. The
default is `plain`.

[float]
==== `slowlog` fileset settings

include::../include/var-paths.asciidoc[]

*`var.format`*::

The configured Logstash log format. Possible values are: `json` or `plain`. The
default is `plain`.

:has-dashboards!:

:fileset_ex!:

:modulename!:


[float]
=== Fields

For a description of each field in the module, see the
<<exported-fields-logstash,exported fields>> section.
Add generated youtubebeat files 2018-11-18 11:08:38 +01:00			`////`
			`This file is generated! See scripts/docs_collector.py`
			`////`

			`[[filebeat-module-logstash]]`
			`:modulename: logstash`
			`:has-dashboards: true`

			`== Logstash module`

			`The +{modulename}+ module parse logstash regular logs and the slow log, it will support the plain text format`
			`and the JSON format (--log.format json). The default is the plain text format.`

			`include::../include/what-happens.asciidoc[]`

			`The +{modulename}+ module has two filesets:`

			* The `log` fileset collects and parses the logs that Logstash writes to disk.
			* The `slowlog` fileset parses the logstash slowlog.


			For the `slowlog` fileset, make sure to configure the
			`{logstashdoc}/logging.html#_slowlog[Logstash slowlog option].`

			`[float]`
			`=== Compatibility`

			The Logstash `log` fileset was tested with logs from Logstash 5.6 and 6.0.

			The Logstash `slowlog` fileset was tested with logs from Logstash 5.6 and 6.0

			`include::../include/running-modules.asciidoc[]`

			`[float]`
			`=== Example dashboards`

			`This module comes with two sample dashboards.`

			`[role="screenshot"]`
			`image::./images/kibana-logstash-log.png[]`

			`[role="screenshot"]`
			`image::./images/kibana-logstash-slowlog.png[]`

			`include::../include/configuring-intro.asciidoc[]`

			`The following example shows how to set paths in the +modules.d/{modulename}.yml+`
			`file to override the default paths for Logstash logs and set the format to json`

			`["source","yaml",subs="attributes"]`
			`-----`
			`- module: logstash`
			`log:`
			`enabled: true`
			`var.paths: ["/path/to/log/logstash.log*"]`
			`format: json`
			`slowlog:`
			`enabled: true`
			`var.paths: ["/path/to/log/logstash-slowlog.log*"]`
			`format: json`
			`-----`

			`To specify the same settings at the command line, you use:`

			`["source","sh",subs="attributes"]`
			`-----`
			`-M "logstash.log.var.paths=[/path/to/log/logstash/logstash-server.log]" -M "logstash.slowlog.var.paths=[/path/to/log/logstash/logstash-slowlog.log]"`
			`-----`


			`//set the fileset name used in the included example`
			`:fileset_ex: log`

			`include::../include/config-option-intro.asciidoc[]`


			`[float]`
			==== `log` fileset settings

			`include::../include/var-paths.asciidoc[]`

			`var.format`::

			The configured Logstash log format. Possible values are: `json` or `plain`. The
			default is `plain`.

			`[float]`
			==== `slowlog` fileset settings

			`include::../include/var-paths.asciidoc[]`

			`var.format`::

			The configured Logstash log format. Possible values are: `json` or `plain`. The
			default is `plain`.

			`:has-dashboards!:`

			`:fileset_ex!:`

			`:modulename!:`


			`[float]`
			`=== Fields`

			`For a description of each field in the module, see the`
			`<<exported-fields-logstash,exported fields>> section.`