[Docs] Document how to use modules.d directory #4973
Conversation
| [[modules-tutorial]] | ||
| === Tutorial | ||
|
|
||
| //REVIEWERS: Now that we have a section about specifying which modules to run (where I describe how to override settings) plus a Quick start for common log formats, the info in this tutorial is a bit redundant. I do think a more in-depth tutorial that shows a realistic use case would be pretty useful here. It could even show path overrides and prospector settings, but it wouldn't have to describe all the permutations because we do that in the reference section. IMO a streamlined version of this tutorial focused on specific user goals and built around a compelling story would be more useful. If someone can provide me with the "story" for this tutorial, I can write it up. Any volunteers? |
There was a problem hiding this comment.
@tsg Adding you as a reviewer because I'd specifically like your input on this question. I think you wrote the original version of the tutorial.
There was a problem hiding this comment.
Yeah, I agree this is likely not needed anymore. I'm not sure what the overlap between the getting started and the FBM tutorial is at the moment. If the Getting Started focuses on the "add your own prospector" experience, then we could keep this one, maybe simplified.
I'm not sure what sort of story do you have in mind, maybe something like you have a LAMP stack and you monitor linux logs (system module), Apache logs (apache2 module) and Mysql logs (mysql module)?
| @@ -148,6 +160,9 @@ cannot install the plugins, you can use the following: | |||
| ./filebeat -e -modules=nginx -M "nginx.access.var.pipeline=no_plugins" | |||
| ---------------------------------------------------------------------- | |||
|
|
|||
|
|
|||
| //REVIEWERS: Is no_plugins still a thing? | |||
There was a problem hiding this comment.
No, that's not an option anymore, we should remove it.
| @@ -81,20 +84,28 @@ example: | |||
| ---------------------------------------------------------------------- | |||
| ./filebeat -e -modules=system,nginx,mysql | |||
There was a problem hiding this comment.
Should we update -modules to --modules? there are several occurrences on this file
There was a problem hiding this comment.
Yah, I haven't changed much in the getting started because it sounds like our plans for the getting started experience are still in flux. But since you mentioned it, beta 2 users might find the discrepancy a little confusing, so maybe I should go ahead and change them now.
dedemorton
added
the
needs_backport
| The default module configurations assume that the logs you’re harvesting are | ||
| in the location expected for your OS and that the default behavior of Filebeat | ||
| is appropriate for your environment. To change the default settings, you need | ||
| to specify variable overrides. See <<override-variables>>. |
There was a problem hiding this comment.
I would rather recommend here to edit the modules.d/*.yml files, instead of using CLI to overwrite settings. The main point of splitting the huge configuration file into smaller ones is that they are easier to edit.
There was a problem hiding this comment.
I thought the main purpose of the modules.d dir was to make it easier to enable/disable specific configs. But anyhow, the topic this points to does discuss changing the config before it mentions the command-line overrides. I will change the language in this sentence to make this a bit more clear, tho.
| command requires the `modules.d` layout. | ||
|
|
||
| To enable specific modules in the +{beatname_lc}.yml+ config file, you can add | ||
| entries to the `filebeat.modules` list. Each entry in the list begins with a |
There was a problem hiding this comment.
Most of this file uses the {beatname_lc} variables, but here filebeat is used by the name.
There was a problem hiding this comment.
yah, I'm trying to use the variable in places where I think the name could change (like in the name of the config file). Doesn't hurt to use it here, tho, so I've changed it. Someday I'll do a cleanup and use it everywhere, but since we haven't used the asciidoc variables consistently from the beginning, we'll need to do some cleanup anyhow.
* [Docs] Document how to use modules.d directory * Add changes from review
dedemorton
removed
the
needs_backport
…#5103) * [Docs] Document how to use modules.d directory (elastic#4973) * [Docs] Document how to use modules.d directory * Add changes from review * Add upgrading guide docs (elastic#5068) * Add upgrading guide docs Part of / related to elastic#4737.
Adds docs about
modules.dfor #4537I didn't go into a lot of detail about how the modules enable/disable commands change the name of the config files because that seems like an implementation detail. But let me think if the layout needs more description. I also reworked some stuff in the other docs because it made sense to do it now.