From 498fd2b7ca3e4061651081a39e6b708e784813bb Mon Sep 17 00:00:00 2001
From: Shaunak Kashyap
Date: Fri, 3 May 2019 06:07:10 -0700
Subject: [PATCH] [7.1] Adding JSON paths to FB ES module docs (#12008) (#12030)
* Adding JSON paths to FB ES module docs
* Adding note about ES version
* Apply suggestions from code review
Co-Authored-By: ycombinator
* Remove mention of *_audit.log to avoid confusion
---
 filebeat/docs/modules/elasticsearch.asciidoc | 31 ++++++++++++++++---
 .../module/elasticsearch/_meta/docs.asciidoc | 31 ++++++++++++++++---
 2 files changed, 52 insertions(+), 10 deletions(-)
diff --git a/filebeat/docs/modules/elasticsearch.asciidoc b/filebeat/docs/modules/elasticsearch.asciidoc
index 6099a84ee503..d9a8c47a5b82 100644
--- a/filebeat/docs/modules/elasticsearch.asciidoc
+++ b/filebeat/docs/modules/elasticsearch.asciidoc
@@ -41,8 +41,13 @@ Example config:
 server:
 enabled: true
 var.paths:
- - /var/log/elasticsearch/*.log
+ - /var/log/elasticsearch/*.log # Plain text logs
+ - /var/log/elasticsearch/*_server.json # JSON logs
 ----
++
+NOTE: If you're running against Elasticsearch >= 7.0.0, configure the
+`var.paths` setting to point to JSON logs. Otherwise, configure it
+to point to plain text logs.
 [float]
 ==== `gc` log fileset settings
@@ -70,8 +75,13 @@ Example config:
 ----
 audit:
 var.paths:
- - /var/log/elasticsearch/*_audit.json
+ - /var/log/elasticsearch/*_access.log # Plain text logs
+ - /var/log/elasticsearch/*_audit.json # JSON logs
 ----
++
+NOTE: If you're running against Elasticsearch >= 7.0.0, configure the
+`var.paths` setting to point to JSON logs. Otherwise, configure it
+to point to plain text logs.
 [float]
 ==== `slowlog` log fileset settings
@@ -84,9 +94,15 @@ Example config:
 ----
 slowlog:
 var.paths:
- - /var/log/elasticsearch/*_index_search_slowlog.log
- - /var/log/elasticsearch/*_index_indexing_slowlog.log
+ - /var/log/elasticsearch/*_index_search_slowlog.log # Plain text logs
+ - /var/log/elasticsearch/*_index_indexing_slowlog.log # Plain text logs
+ - /var/log/elasticsearch/*_index_search_slowlog.json # JSON logs
+ - /var/log/elasticsearch/*_index_indexing_slowlog.json # JSON logs
 ----
++
+NOTE: If you're running against Elasticsearch >= 7.0.0, configure the
+`var.paths` setting to point to JSON logs. Otherwise, configure it
+to point to plain text logs.
 [float]
 ==== `deprecation` log fileset settings
@@ -99,8 +115,13 @@ Example config:
 ----
 deprecation:
 var.paths:
- - /var/log/elasticsearch/*_deprecation.log
+ - /var/log/elasticsearch/*_deprecation.log # Plain text logs
+ - /var/log/elasticsearch/*_deprecation.json # JSON logs
 ----
++
+NOTE: If you're running against Elasticsearch >= 7.0.0, configure the
+`var.paths` setting to point to JSON logs. Otherwise, configure it
+to point to plain text logs.
 :has-dashboards!:
diff --git a/filebeat/module/elasticsearch/_meta/docs.asciidoc b/filebeat/module/elasticsearch/_meta/docs.asciidoc
index 118ce492cfc7..4890c928cfd7 100755
--- a/filebeat/module/elasticsearch/_meta/docs.asciidoc
+++ b/filebeat/module/elasticsearch/_meta/docs.asciidoc
@@ -36,8 +36,13 @@ Example config:
 server:
 enabled: true
 var.paths:
- - /var/log/elasticsearch/*.log
+ - /var/log/elasticsearch/*.log # Plain text logs
+ - /var/log/elasticsearch/*_server.json # JSON logs
 ----
++
+NOTE: If you're running against Elasticsearch >= 7.0.0, configure the
+`var.paths` setting to point to JSON logs. Otherwise, configure it
+to point to plain text logs.
 [float]
 ==== `gc` log fileset settings
@@ -65,8 +70,13 @@ Example config:
 ----
 audit:
 var.paths:
- - /var/log/elasticsearch/*_audit.json
+ - /var/log/elasticsearch/*_access.log # Plain text logs
+ - /var/log/elasticsearch/*_audit.json # JSON logs
 ----
++
+NOTE: If you're running against Elasticsearch >= 7.0.0, configure the
+`var.paths` setting to point to JSON logs. Otherwise, configure it
+to point to plain text logs.
 [float]
 ==== `slowlog` log fileset settings
@@ -79,9 +89,15 @@ Example config:
 ----
 slowlog:
 var.paths:
- - /var/log/elasticsearch/*_index_search_slowlog.log
- - /var/log/elasticsearch/*_index_indexing_slowlog.log
+ - /var/log/elasticsearch/*_index_search_slowlog.log # Plain text logs
+ - /var/log/elasticsearch/*_index_indexing_slowlog.log # Plain text logs
+ - /var/log/elasticsearch/*_index_search_slowlog.json # JSON logs
+ - /var/log/elasticsearch/*_index_indexing_slowlog.json # JSON logs
 ----
++
+NOTE: If you're running against Elasticsearch >= 7.0.0, configure the
+`var.paths` setting to point to JSON logs. Otherwise, configure it
+to point to plain text logs.
 [float]
 ==== `deprecation` log fileset settings
@@ -94,8 +110,13 @@ Example config:
 ----
 deprecation:
 var.paths:
- - /var/log/elasticsearch/*_deprecation.log
+ - /var/log/elasticsearch/*_deprecation.log # Plain text logs
+ - /var/log/elasticsearch/*_deprecation.json # JSON logs
 ----
++
+NOTE: If you're running against Elasticsearch >= 7.0.0, configure the
+`var.paths` setting to point to JSON logs. Otherwise, configure it
+to point to plain text logs.
 :has-dashboards!: