diff --git a/filebeat/docs/include/setup-command.asciidoc b/filebeat/docs/include/setup-command.asciidoc index 071ec23c032a..66f4ce361a5c 100644 --- a/filebeat/docs/include/setup-command.asciidoc +++ b/filebeat/docs/include/setup-command.asciidoc @@ -21,8 +21,8 @@ PS > .{backslash}{beatname_lc}.exe setup -e ---- The <> command loads the recommended index template for -writing to {es} and deploys the sample dashboards for visualizing the -data in {kib}. This is a one-time setup step. +writing to {es} and deploys the sample dashboards (if available) for visualizing +the data in {kib}. This is a one-time setup step. The `-e` flag is optional and sends output to standard error instead of syslog. -- \ No newline at end of file diff --git a/filebeat/docs/include/visualize-data.asciidoc b/filebeat/docs/include/visualize-data.asciidoc index 81726987ed1b..23df392e30b8 100644 --- a/filebeat/docs/include/visualize-data.asciidoc +++ b/filebeat/docs/include/visualize-data.asciidoc @@ -1,3 +1,4 @@ +ifeval::["{has-dashboards}"=="true"] . Explore your data in {kib}: + .. Open your browser and navigate to the *Dashboard* overview in {kib}: @@ -11,3 +12,4 @@ the visualizations for your parsed logs. + TIP: If you don’t see data in {kib}, try changing the date range to a larger range. By default, {kib} shows the last 15 minutes. +endif::[] \ No newline at end of file diff --git a/filebeat/docs/include/what-happens.asciidoc b/filebeat/docs/include/what-happens.asciidoc index 03390432cf26..f6e30d8e6c02 100644 --- a/filebeat/docs/include/what-happens.asciidoc +++ b/filebeat/docs/include/what-happens.asciidoc @@ -8,5 +8,6 @@ defaults) * Uses ingest node to parse and process the log lines, shaping the data into a structure suitable for visualizing in Kibana +ifeval::["{has-dashboards}"=="true"] * Deploys dashboards for visualizing the log data - \ No newline at end of file +endif::[] 
diff --git a/filebeat/docs/modules-getting-started.asciidoc b/filebeat/docs/modules-getting-started.asciidoc index fe9f88146547..c04384976cd5 100644 --- a/filebeat/docs/modules-getting-started.asciidoc +++ b/filebeat/docs/modules-getting-started.asciidoc @@ -6,9 +6,9 @@ {beatname_uc} provides a set of pre-built modules that you can use to rapidly implement and deploy a log monitoring solution, complete with sample dashboards -and data visualizations, in about 5 minutes. These modules support common log -formats, such as Nginx, Apache2, and MySQL, and can be run by issuing a simple -command. +and data visualizations (when available), in about 5 minutes. These modules +support common log formats, such as Nginx, Apache2, and MySQL, and can be run by +issuing a simple command. This topic shows you how to run the basic modules with minimal extra configuration. For detailed documentation and the full list of available diff --git a/filebeat/docs/modules-overview.asciidoc b/filebeat/docs/modules-overview.asciidoc index e53fe9ea8bdc..a717442d6373 100644 --- a/filebeat/docs/modules-overview.asciidoc +++ b/filebeat/docs/modules-overview.asciidoc @@ -20,7 +20,8 @@ the following: correct types for each field. They also contain short descriptions for each of the fields. -* Sample Kibana dashboards, which can be used to visualize the log files. +* Sample Kibana dashboards, when available, that can be used to visualize the +log files. {beatname_uc} automatically adjusts these configurations based on your environment and loads them to the respective Elastic stack components. diff --git a/filebeat/docs/modules/apache2.asciidoc b/filebeat/docs/modules/apache2.asciidoc index 2e568861f83a..84d40be3d6ce 100644 --- a/filebeat/docs/modules/apache2.asciidoc +++ b/filebeat/docs/modules/apache2.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-apache2]] :modulename: apache2 +:has-dashboards: true == Apache2 module 
@@ -75,6 +76,12 @@ include::../include/var-paths.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/auditd.asciidoc b/filebeat/docs/modules/auditd.asciidoc index 3baced823437..0bffbfd3844d 100644 --- a/filebeat/docs/modules/auditd.asciidoc +++ b/filebeat/docs/modules/auditd.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-auditd]] :modulename: auditd +:has-dashboards: true == Auditd module @@ -66,6 +67,12 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/elasticsearch.asciidoc b/filebeat/docs/modules/elasticsearch.asciidoc index 6af24ed99b62..5b8da8c80988 100644 --- a/filebeat/docs/modules/elasticsearch.asciidoc +++ b/filebeat/docs/modules/elasticsearch.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-elasticsearch]] :modulename: elasticsearch +:has-dashboards: false == Elasticsearch module @@ -33,6 +34,12 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/haproxy.asciidoc b/filebeat/docs/modules/haproxy.asciidoc index 8fff27047449..4d71eeffe29e 100644 --- a/filebeat/docs/modules/haproxy.asciidoc +++ b/filebeat/docs/modules/haproxy.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-haproxy]] :modulename: haproxy +:has-dashboards: true == haproxy module @@ -53,6 +54,12 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields 
diff --git a/filebeat/docs/modules/icinga.asciidoc b/filebeat/docs/modules/icinga.asciidoc index 9cecf4cf6d07..d490f652e731 100644 --- a/filebeat/docs/modules/icinga.asciidoc +++ b/filebeat/docs/modules/icinga.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-icinga]] :modulename: icinga +:has-dashboards: true == Icinga module @@ -80,6 +81,12 @@ include::../include/var-paths.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/iis.asciidoc b/filebeat/docs/modules/iis.asciidoc index c5f96012fe8b..bd2d3975325f 100644 --- a/filebeat/docs/modules/iis.asciidoc +++ b/filebeat/docs/modules/iis.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-iis]] :modulename: iis +:has-dashboards: true == IIS module @@ -70,6 +71,12 @@ include::../include/var-paths.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/kafka.asciidoc b/filebeat/docs/modules/kafka.asciidoc index 7890e2590d17..278e21410846 100644 --- a/filebeat/docs/modules/kafka.asciidoc +++ b/filebeat/docs/modules/kafka.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-kafka]] :modulename: kafka +:has-dashboards: true == Kafka module @@ -65,6 +66,12 @@ include::../include/var-paths.asciidoc[] include::../include/var-convert-timezone.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/kibana.asciidoc b/filebeat/docs/modules/kibana.asciidoc index 881c4b4037fe..5eb36a13fe4e 100644 --- a/filebeat/docs/modules/kibana.asciidoc +++ b/filebeat/docs/modules/kibana.asciidoc 
@@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-kibana]] :modulename: kibana +:has-dashboards: false == Kibana module @@ -33,8 +34,12 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + :fileset_ex!: +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/logstash.asciidoc b/filebeat/docs/modules/logstash.asciidoc index 69c0d03c6c27..5decb791935d 100644 --- a/filebeat/docs/modules/logstash.asciidoc +++ b/filebeat/docs/modules/logstash.asciidoc @@ -4,6 +4,8 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-logstash]] :modulename: logstash +:has-dashboards: true + == Logstash module The +{modulename}+ module parse logstash regular logs and the slow log, it will support the plain text format @@ -92,6 +94,12 @@ include::../include/var-paths.asciidoc[] The configured Logstash log format. Possible values are: `json` or `plain`. The default is `plain`. +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/mongodb.asciidoc b/filebeat/docs/modules/mongodb.asciidoc index 938d5e6a0518..b70cb2bf5b05 100644 --- a/filebeat/docs/modules/mongodb.asciidoc +++ b/filebeat/docs/modules/mongodb.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-mongodb]] :modulename: mongodb +:has-dashboards: true == MongoDB module @@ -60,6 +61,12 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/mysql.asciidoc b/filebeat/docs/modules/mysql.asciidoc index c17a4829832c..f99f1ee39ef3 100644 --- a/filebeat/docs/modules/mysql.asciidoc +++ b/filebeat/docs/modules/mysql.asciidoc 
@@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-mysql]] :modulename: mysql +:has-dashboards: true == MySQL module @@ -71,6 +72,12 @@ include::../include/var-paths.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/nginx.asciidoc b/filebeat/docs/modules/nginx.asciidoc index 89ac2ee379fe..d509cb64f859 100644 --- a/filebeat/docs/modules/nginx.asciidoc +++ b/filebeat/docs/modules/nginx.asciidoc @@ -4,6 +4,8 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-nginx]] :modulename: nginx +:has-dashboards: true + == Nginx module @@ -76,6 +78,12 @@ include::../include/var-paths.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/osquery.asciidoc b/filebeat/docs/modules/osquery.asciidoc index d215b9d3b5e6..0b317c3ea461 100644 --- a/filebeat/docs/modules/osquery.asciidoc +++ b/filebeat/docs/modules/osquery.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-osquery]] :modulename: osquery +:has-dashboards: true == Osquery module @@ -71,6 +72,12 @@ setting also disables the renaming of some fields (e.g. `hostIdentifier` to `host_identifier`). Note that if you set this to false, the sample dashboards coming with this module won't work correctly. The default is true. +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/postgresql.asciidoc b/filebeat/docs/modules/postgresql.asciidoc index 6ae53d2b1acf..d13a54d11c58 100644 --- a/filebeat/docs/modules/postgresql.asciidoc +++ b/filebeat/docs/modules/postgresql.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-postgresql]] :modulename: postgresql +:has-dashboards: true == PostgreSQL module 
@@ -69,6 +70,12 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: + [float] === Fields diff --git a/filebeat/docs/modules/redis.asciidoc b/filebeat/docs/modules/redis.asciidoc index c08919677a3a..8f6ce589bfb2 100644 --- a/filebeat/docs/modules/redis.asciidoc +++ b/filebeat/docs/modules/redis.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-redis]] :modulename: redis +:has-dashboards: true == Redis module @@ -97,6 +98,11 @@ left empty, `localhost:6379` is assumed. The password to use to connect to Redis, in case Redis authentication is enabled (the `requirepass` option in the Redis configuration). +:has-dashboards!: + +:fileset_ex!: + +:modulename!: [float] diff --git a/filebeat/docs/modules/system.asciidoc b/filebeat/docs/modules/system.asciidoc index 650b7c02bf83..d7d19797cf19 100644 --- a/filebeat/docs/modules/system.asciidoc +++ b/filebeat/docs/modules/system.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-system]] :modulename: system +:has-dashboards: true == System module @@ -81,7 +82,11 @@ include::../include/var-paths.asciidoc[] include::../include/var-convert-timezone.asciidoc[] +:has-dashboards!: +:fileset_ex!: + +:modulename!: [float] diff --git a/filebeat/docs/modules/traefik.asciidoc b/filebeat/docs/modules/traefik.asciidoc index 9660c2d2f5ee..62b464a9353b 100644 --- a/filebeat/docs/modules/traefik.asciidoc +++ b/filebeat/docs/modules/traefik.asciidoc @@ -4,6 +4,7 @@ This file is generated! See scripts/docs_collector.py [[filebeat-module-traefik]] :modulename: traefik +:has-dashboards: true == Traefik module @@ -61,6 +62,11 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: [float] 
diff --git a/filebeat/module/apache2/_meta/docs.asciidoc b/filebeat/module/apache2/_meta/docs.asciidoc index 73dcf6021865..55716bcab492 100644 --- a/filebeat/module/apache2/_meta/docs.asciidoc +++ b/filebeat/module/apache2/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: apache2 +:has-dashboards: true == Apache2 module @@ -69,3 +70,9 @@ include::../include/var-paths.asciidoc[] ==== `error` log fileset settings include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/auditd/_meta/docs.asciidoc b/filebeat/module/auditd/_meta/docs.asciidoc index 767fdd438fb9..74a16f93be7f 100644 --- a/filebeat/module/auditd/_meta/docs.asciidoc +++ b/filebeat/module/auditd/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: auditd +:has-dashboards: true == Auditd module @@ -60,3 +61,9 @@ include::../include/config-option-intro.asciidoc[] ==== `log` fileset settings include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/elasticsearch/_meta/docs.asciidoc b/filebeat/module/elasticsearch/_meta/docs.asciidoc index f7539c35e7d7..a3e206f53801 100755 --- a/filebeat/module/elasticsearch/_meta/docs.asciidoc +++ b/filebeat/module/elasticsearch/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: elasticsearch +:has-dashboards: false == Elasticsearch module @@ -27,3 +28,9 @@ include::../include/config-option-intro.asciidoc[] ==== `server` log fileset settings include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/haproxy/_meta/docs.asciidoc b/filebeat/module/haproxy/_meta/docs.asciidoc index 25955b54f6cb..8f0804b95b25 100644 --- a/filebeat/module/haproxy/_meta/docs.asciidoc +++ b/filebeat/module/haproxy/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: haproxy +:has-dashboards: true == haproxy module 
@@ -47,3 +48,9 @@ include::../include/config-option-intro.asciidoc[] ==== `log` fileset settings include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/icinga/_meta/docs.asciidoc b/filebeat/module/icinga/_meta/docs.asciidoc index 49e1dad35cce..3796d0b57e47 100644 --- a/filebeat/module/icinga/_meta/docs.asciidoc +++ b/filebeat/module/icinga/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: icinga +:has-dashboards: true == Icinga module @@ -74,3 +75,9 @@ include::../include/var-paths.asciidoc[] ==== `startup` log fileset settings include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/iis/_meta/docs.asciidoc b/filebeat/module/iis/_meta/docs.asciidoc index d8067db7ac02..230d886a5953 100644 --- a/filebeat/module/iis/_meta/docs.asciidoc +++ b/filebeat/module/iis/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: iis +:has-dashboards: true == IIS module @@ -64,3 +65,9 @@ include::../include/var-paths.asciidoc[] ==== `error` log fileset settings include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/kafka/_meta/docs.asciidoc b/filebeat/module/kafka/_meta/docs.asciidoc index 52a22d8fd487..0d2a39292c02 100644 --- a/filebeat/module/kafka/_meta/docs.asciidoc +++ b/filebeat/module/kafka/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: kafka +:has-dashboards: true == Kafka module @@ -59,3 +60,9 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] include::../include/var-convert-timezone.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/kibana/_meta/docs.asciidoc b/filebeat/module/kibana/_meta/docs.asciidoc index a7a8ca9e6156..d6b551ad0cdf 100644 --- a/filebeat/module/kibana/_meta/docs.asciidoc +++ b/filebeat/module/kibana/_meta/docs.asciidoc 
@@ -1,4 +1,5 @@ :modulename: kibana +:has-dashboards: false == Kibana module @@ -28,4 +29,8 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + :fileset_ex!: + +:modulename!: diff --git a/filebeat/module/logstash/_meta/docs.asciidoc b/filebeat/module/logstash/_meta/docs.asciidoc index 19235ae5d8ba..27d6df98d643 100644 --- a/filebeat/module/logstash/_meta/docs.asciidoc +++ b/filebeat/module/logstash/_meta/docs.asciidoc @@ -1,4 +1,6 @@ :modulename: logstash +:has-dashboards: true + == Logstash module The +{modulename}+ module parse logstash regular logs and the slow log, it will support the plain text format @@ -86,3 +88,9 @@ include::../include/var-paths.asciidoc[] The configured Logstash log format. Possible values are: `json` or `plain`. The default is `plain`. + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/mongodb/_meta/docs.asciidoc b/filebeat/module/mongodb/_meta/docs.asciidoc index 9d6c5b94470a..fb991a1859b9 100755 --- a/filebeat/module/mongodb/_meta/docs.asciidoc +++ b/filebeat/module/mongodb/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: mongodb +:has-dashboards: true == MongoDB module @@ -54,3 +55,9 @@ include::../include/config-option-intro.asciidoc[] ==== `log` log fileset settings include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/mysql/_meta/docs.asciidoc b/filebeat/module/mysql/_meta/docs.asciidoc index c0fe6f8b210b..a4de39e5a8d0 100644 --- a/filebeat/module/mysql/_meta/docs.asciidoc +++ b/filebeat/module/mysql/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: mysql +:has-dashboards: true == MySQL module @@ -65,3 +66,9 @@ include::../include/var-paths.asciidoc[] ==== `slowlog` fileset settings include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: 
diff --git a/filebeat/module/nginx/_meta/docs.asciidoc b/filebeat/module/nginx/_meta/docs.asciidoc index 421a7f7824bc..9feca458ae17 100644 --- a/filebeat/module/nginx/_meta/docs.asciidoc +++ b/filebeat/module/nginx/_meta/docs.asciidoc @@ -1,4 +1,6 @@ :modulename: nginx +:has-dashboards: true + == Nginx module @@ -70,3 +72,9 @@ include::../include/var-paths.asciidoc[] ==== `error` log fileset include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/osquery/_meta/docs.asciidoc b/filebeat/module/osquery/_meta/docs.asciidoc index 38bc701f0f9b..8f00e7039ac3 100644 --- a/filebeat/module/osquery/_meta/docs.asciidoc +++ b/filebeat/module/osquery/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: osquery +:has-dashboards: true == Osquery module @@ -65,3 +66,9 @@ Set to false to copy the fields in the root of the document. If enabled, this setting also disables the renaming of some fields (e.g. `hostIdentifier` to `host_identifier`). Note that if you set this to false, the sample dashboards coming with this module won't work correctly. The default is true. + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/postgresql/_meta/docs.asciidoc b/filebeat/module/postgresql/_meta/docs.asciidoc index 9e11ea364f21..7360720da065 100644 --- a/filebeat/module/postgresql/_meta/docs.asciidoc +++ b/filebeat/module/postgresql/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: postgresql +:has-dashboards: true == PostgreSQL module @@ -63,3 +64,9 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/redis/_meta/docs.asciidoc b/filebeat/module/redis/_meta/docs.asciidoc index e72f8221f00f..08641f6069ee 100644 --- a/filebeat/module/redis/_meta/docs.asciidoc +++ b/filebeat/module/redis/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: redis +:has-dashboards: true == Redis module 
@@ -92,3 +93,8 @@ left empty, `localhost:6379` is assumed. The password to use to connect to Redis, in case Redis authentication is enabled (the `requirepass` option in the Redis configuration). +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/system/_meta/docs.asciidoc b/filebeat/module/system/_meta/docs.asciidoc index d8be36a4831a..1c428afb2efb 100644 --- a/filebeat/module/system/_meta/docs.asciidoc +++ b/filebeat/module/system/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: system +:has-dashboards: true == System module @@ -76,4 +77,8 @@ include::../include/var-paths.asciidoc[] include::../include/var-convert-timezone.asciidoc[] +:has-dashboards!: +:fileset_ex!: + +:modulename!: diff --git a/filebeat/module/traefik/_meta/docs.asciidoc b/filebeat/module/traefik/_meta/docs.asciidoc index 07900a3e8a14..48195b47ce94 100644 --- a/filebeat/module/traefik/_meta/docs.asciidoc +++ b/filebeat/module/traefik/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: traefik +:has-dashboards: true == Traefik module @@ -56,3 +57,8 @@ include::../include/config-option-intro.asciidoc[] include::../include/var-paths.asciidoc[] +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/filebeat/scripts/module/_meta/docs.asciidoc b/filebeat/scripts/module/_meta/docs.asciidoc index 51f180d4addd..12f49c049c3f 100644 --- a/filebeat/scripts/module/_meta/docs.asciidoc +++ b/filebeat/scripts/module/_meta/docs.asciidoc @@ -1,4 +1,5 @@ :modulename: {module} +:has-dashboards: true == {module} module @@ -19,7 +20,8 @@ include::../include/running-modules.asciidoc[] This module comes with a sample dashboard. For example: -TODO: include an image of a sample dashboard +TODO: include an image of a sample dashboard. If you do not include a dashboard, +remove this section and set `:has-dashboards: false` at the top of this file. include::../include/configuring-intro.asciidoc[] 
@@ -38,6 +40,8 @@ the relevant file. For example: include::../include/var-paths.asciidoc[] +:has-dashboards!: + :fileset_ex!: :modulename!: diff --git a/libbeat/docs/outputconfig.asciidoc b/libbeat/docs/outputconfig.asciidoc index 5155775dc4a3..fc949ed7979f 100644 --- a/libbeat/docs/outputconfig.asciidoc +++ b/libbeat/docs/outputconfig.asciidoc @@ -66,8 +66,6 @@ output.elasticsearch: ssl.key: "/etc/pki/client/cert.key" ------------------------------------------------------------------------------ -// - To enable SSL, just add `https` to all URLs defined under __hosts__. ["source","yaml",subs="attributes,callouts"] 
@@ -215,12 +213,37 @@ for more information about the environment variables. The index name to write events to. The default is +"{beatname_lc}-%\{[beat.version]\}-%\{+yyyy.MM.dd\}"+ (for example, -+"{beatname_lc}-{version}-2017.04.26"+). If you change this setting, you also ++"{beatname_lc}-{version}-{localdate}"+). If you change this setting, you also need to configure the `setup.template.name` and `setup.template.pattern` options -(see <>). +(see <>). If you are using the pre-built Kibana +dashboards, you also need to set the `setup.dashboards.index` option (see +<>). + +You can set the index dynamically by using a format string to access any event +field. For example, this configuration uses a custom field, `fields.log_type`, +to set the index: + +["source","yaml",subs="attributes"] +------------------------------------------------------------------------------ +output.elasticsearch: + hosts: ["http://localhost:9200"] + index: "%\{[fields.log_type]\}-%\{[beat.version]\}-%\{+yyyy.MM.dd}\" <1> +------------------------------------------------------------------------------ + +<1> We recommend including `beat.version` in the name to avoid mapping issues +when you upgrade. + +With this configuration, all events with `log_type: normal` are sent to an +index named +normal-{version}-{localdate}+, and all events with +`log_type: critical` are sent to an index named ++critical-{version}-{localdate}+. + +TIP: To learn how to add custom fields to events, see the +<> option. + +See the <> setting for other ways to set the index +dynamically. -If you are using the pre-built Kibana dashboards, -you also need to set the `setup.dashboards.index` option (see <>). ifdef::deprecate_dashboard_loading[] 
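Review bot: The closing escape in the new `index` example is misplaced: the added line ends in `%\{+yyyy.MM.dd}\" <1>`, whereas every other placeholder in this hunk closes with `\}` before the quote. As written, the backslash sits in front of the closing double quote, so the rendered YAML would presumably end in `}\"` and leave the string unterminated for anyone who copies the example. The line should read `index: "%\{[fields.log_type]\}-%\{[beat.version]\}-%\{+yyyy.MM.dd\}" <1>`.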
@@ -228,40 +251,74 @@ deprecated[{deprecate_dashboard_loading}] endif::[] +[[indices-option-es]] ===== `indices` -Array of index selector rules supporting conditionals, format string -based field access and name mappings. The first rule matching will be used to -set the `index` for the event to be published. If `indices` is missing or no -rule matches, the `index` field will be used. +An array of index selector rules. Each rule specifies the index to use for +events that match the rule. During publishing, {beatname_uc} uses the first +matching rule in the array. Rules can contain conditionals, format string-based +fields, and name mappings. If the `indices` setting is missing or no rule +matches, the <> setting is used. Rule settings: -*`index`*: The index format string to use. If the fields used are missing, the rule fails. +*`index`*:: The index format string to use. If this string contains field +references, such as `%{[fields.name]}`, the fields must exist, or the rule fails. -*`mapping`*: Dictionary mapping index names to new names +*`mappings`*:: A dictionary that takes the value returned by `index` and maps it +to a new name. -*`default`*: Default string value if `mapping` does not find a match. +*`default`*:: The default string value to use if `mappings` does not find a +match. -*`when`*: Condition which must succeed in order to execute the current rule. +*`when`*:: A condition that must succeed in order to execute the current rule. +All the <> supported by processors are also supported +here. 
-Examples elasticsearch output with `indices`: +The following example sets the index based on whether the `message` field +contains the specified string: ["source","yaml"] ------------------------------------------------------------------------------ output.elasticsearch: hosts: ["http://localhost:9200"] - index: "logs-%{[beat.version]}-%{+yyyy.MM.dd}" indices: - - index: "critical-%{[beat.version]}-%{+yyyy.MM.dd}" + - index: "warning-%{[beat.version]}-%{+yyyy.MM.dd}" when.contains: - message: "CRITICAL" + message: "WARN" - index: "error-%{[beat.version]}-%{+yyyy.MM.dd}" when.contains: message: "ERR" ------------------------------------------------------------------------------ + +This configuration results in indices named +warning-{version}-{localdate}+ +and +error-{version}-{localdate}+ (plus the default index if no matches are +found). + +The following example sets the index by taking the name returned by the `index` +format string and mapping it to a new name that's used for the index: + +["source","yaml"] +------------------------------------------------------------------------------ +output.elasticsearch: + hosts: ["http://localhost:9200"] + indices: + - index: "%{[fields.log_type]}" + mappings: + critical: "sev1" + normal: "sev2" + default: "sev3" +------------------------------------------------------------------------------ + + +This configuration results in indices named `sev1`, `sev2`, and `sev3`. + +The `mappings` setting simplifies the configuration, but is limited to string +values. You cannot specify format strings within the mapping pairs. + ifndef::no-pipeline[] +[[pipeline-option-es]] ===== `pipeline` A format string value that specifies the ingest node pipeline to write events to. 
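Review bot: The new `indices` rule text does not say which form keeps the set of resulting index names bounded, and that matters when the referenced field is not set by the operator. A field added through the `fields` option is configuration, but a field parsed out of log content lets whoever writes the log choose the index name, which can mean unplanned index creation or events landing in an index meant for other data. After the `default` entry I would add a sentence such as `When the field value is not under your control, use mappings with a default so that only the listed index names can result.` The same caveat seems to apply to the `pipeline`/`pipelines` and `topic`/`topics` text in the later hunks of this file.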
@@ -275,39 +332,95 @@ output.elasticsearch: For more information, see <>. +You can set the ingest node pipeline dynamically by using a format string to +access any event field. For example, this configuration uses a custom field, +`fields.log_type`, to set the pipeline for each event: + +["source","yaml",subs="attributes"] +------------------------------------------------------------------------------ +output.elasticsearch: + hosts: ["http://localhost:9200"] + pipeline: "%\{[fields.log_type]\}_pipeline" +------------------------------------------------------------------------------ + + +With this configuration, all events with `log_type: normal` are sent to a pipeline +named `normal_pipeline`, and all events with `log_type: critical` are sent to a +pipeline named `critical_pipeline`. + +TIP: To learn how to add custom fields to events, see the +<> option. + +See the <> setting for other ways to set the +ingest node pipeline dynamically. + +[[pipelines-option-es]] ===== `pipelines` -Similar to the `indices` array, this is an array of pipeline selector -configurations supporting conditionals, format string based field access -and name mappings. The first rule matching will be used to set the -`pipeline` for the event to be published. If `pipelines` is missing or -no rule matches, the `pipeline` field will be used. +An array of pipeline selector rules. Each rule specifies the ingest node +pipeline to use for events that match the rule. During publishing, {beatname_uc} +uses the first matching rule in the array. Rules can contain conditionals, +format string-based fields, and name mappings. If the `pipelines` setting is +missing or no rule matches, the <> setting is +used. + +Rule settings: + +*`pipeline`*:: The pipeline format string to use. If this string contains field +references, such as `%{[fields.name]}`, the fields must exist, or the rule +fails. + +*`mappings`*:: A dictionary that takes the value returned by `pipeline` and maps +it to a new name. 
-Example elasticsearch output with `pipelines`: +*`default`*:: The default string value to use if `mappings` does not find a +match. + +*`when`*:: A condition that must succeed in order to execute the current rule. +All the <> supported by processors are also supported +here. + +The following example sends events to a specific pipeline based on whether the +`message` field contains the specified string: ["source","yaml"] ------------------------------------------------------------------------------ -filebeat.inputs: -- type: log - paths: ["/var/log/app/normal/*.log"] - fields: - type: "normal" -- type: log - paths: ["/var/log/app/critical/*.log"] - fields: - type: "critical" +output.elasticsearch: + hosts: ["http://localhost:9200"] + pipelines: + - pipeline: "warning_pipeline" + when.contains: + message: "WARN" + - pipeline: "error_pipeline" + when.contains: + message: "ERR" +------------------------------------------------------------------------------ + +The following example sets the pipeline by taking the name returned by the +`pipeline` format string and mapping it to a new name that's used for the +pipeline: + +["source","yaml"] +------------------------------------------------------------------------------ output.elasticsearch: hosts: ["http://localhost:9200"] - index: "filebeat-%{[beat.version]}-%{+yyyy.MM.dd}" pipelines: - - pipeline: critical_pipeline - when.equals: - fields.type: "critical" - - pipeline: normal_pipeline - when.equals: - fields.type: "normal" + - pipeline: "%{[fields.log_type]}" + mappings: + critical: "sev1_pipeline" + normal: "sev2_pipeline" + default: "sev3_pipeline" ------------------------------------------------------------------------------ + + +With this configuration, all events with `log_type: critical` are sent to +`sev1_pipeline`, all events with `log_type: normal` are sent to a +`sev2_pipeline`, and all other events are sent to `sev3_pipeline`. + +For more information about ingest node pipelines, see +<>. 
+ endif::[] ===== `max_retries` 
@@ -710,37 +823,52 @@ must be configured as well. Only SASL/PLAIN is supported. The password for connecting to Kafka. +[[topic-option-kafka]] ===== `topic` -The Kafka topic used for produced events. The setting can be a format string -using any event field. For example, you can use the -<> configuration option to add a custom -field called `log_topic` to the event, and then set `topic` to the value of the -custom field: +The Kafka topic used for produced events. + +You can set the topic dynamically by using a format string to access any +event field. For example, this configuration uses a custom field, +`fields.log_topic`, to set the topic for each event: [source,yaml] ----- topic: '%{[fields.log_topic]}' ----- +TIP: To learn how to add custom fields to events, see the +<> option. +See the <> setting for other ways to set the +topic dynamically. + +[[topics-option-kafka]] ===== `topics` -Array of topic selector rules supporting conditionals, format string -based field access and name mappings. The first rule matching will be used to -set the `topic` for the event to be published. If `topics` is missing or no -rule matches, the `topic` field will be used. +An array of topic selector rules. Each rule specifies the `topic` to use for +events that match the rule. During publishing, {beatname_uc} sets the `topic` +for each event based on the first matching rule in the array. Rules +can contain conditionals, format string-based fields, and name mappings. If the +`topics` setting is missing or no rule matches, the +<> field is used. Rule settings: -*`topic`*: The topic format string to use. If the fields used are missing, the - rule fails. +*`topic`*:: The topic format string to use. If this string contains field +references, such as `%{[fields.name]}`, the fields must exist, or the rule +fails. + +*`mappings`*:: A dictionary that takes the value returned by `topic` and maps it +to a new name. 
-*`mapping`*: Dictionary mapping index names to new names +*`default`*:: The default string value to use if `mappings` does not find a +match. -*`default`*: Default string value if `mapping` does not find a match. +*`when`*:: A condition that must succeed in order to execute the current rule. +All the <> supported by processors are also supported +here. -*`when`*: Condition which must succeed in order to execute the current rule. ===== `key` @@ -923,16 +1051,15 @@ The Redis port to use if `hosts` does not contain a port number. The default is The index name added to the events metadata for use by Logstash. The default is "{beatname_lc}". +[[key-option-redis]] ===== `key` The name of the Redis list or channel the events are published to. If not configured, the value of the `index` setting is used. -The redis key can be set dynamically using a format string accessing any -fields in the event to be published. - -This configuration will use the `fields.list` field to set the redis list key. If -`fields.list` is missing, `fallback` will be used. +You can set the key dynamically by using a format string to access any event +field. For example, this configuration uses a custom field, `fields.list`, to +set the Redis list key. If `fields.list` is missing, `fallback` is used: ["source","yaml"] ------------------------------------------------------------------------------ 
@@ -941,22 +1068,36 @@ output.redis: key: "%{[fields.list]:fallback}" ------------------------------------------------------------------------------ + +TIP: To learn how to add custom fields to events, see the +<> option. + +See the <> setting for other ways to set the key +dynamically. + +[[keys-option-redis]] ===== `keys` -Array of key selector configurations supporting conditionals, format string -based field access and name mappings. The first rule matching will be used to -set the `key` for the event to be published. If `keys` is missing or no -rule matches, the `key` field will be used. +An array of key selector rules. Each rule specifies the `key` to use for events +that match the rule. During publishing, {beatname_uc} uses the first matching +rule in the array. Rules can contain conditionals, format string-based fields, +and name mappings. If the `keys` setting is missing or no rule matches, the +<> setting is used. Rule settings: -*`key`*: The key format string. If the fields used in the format string are missing, the rule fails. +*`index`*:: The key format string to use. If this string contains field +references, such as `%{[fields.name]}`, the fields must exist, or the rule +fails. -*`mapping`*: Dictionary mapping key values to new names +*`mappings`*:: A dictionary that takes the value returned by `key` and maps it to +a new name. -*`default`*: Default string value if `mapping` does not find a match. +*`default`*:: The default string value to use if `mappings` does not find a match. -*`when`*: Condition which must succeed in order to execute the current rule. +*`when`*:: A condition that must succeed in order to execute the current rule. +All the <> supported by processors are also supported +here. Example `keys` settings: 
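Review bot: In the `keys` rule settings of the `@@ -941,22 +1068,36 @@` hunk, the first entry is labelled `index` although it describes the key format string. The entry after it refers to "the value returned by `key`", the removed line read `*`key`*:`, and the example in the following hunk uses `- key: "%{[fields.list]}"`. The label looks carried over from another selector section and should read `*`key`*:: The key format string to use.` A reader who copies the documented name would write a rule with an `index` setting, which is presumably not what the Redis key selector reads.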
@@ -973,10 +1114,10 @@ output.redis: when.contains: message: "DEBUG" - key: "%{[fields.list]}" - mapping: - "http": "frontend_list" - "nginx": "frontend_list" - "mysql": "backend_list" + mappings: + http: "frontend_list" + nginx: "frontend_list" + mysql: "backend_list" ------------------------------------------------------------------------------ ===== `password` diff --git a/libbeat/docs/processors-using.asciidoc b/libbeat/docs/processors-using.asciidoc index ffdaad8237d3..a615da08ff15 100644 --- a/libbeat/docs/processors-using.asciidoc +++ b/libbeat/docs/processors-using.asciidoc @@ -62,9 +62,10 @@ Processors are valid: * At the top-level in the configuration. The processor is applied to all data collected by {beatname_uc}. * Under a specific {processor-scope}. The processor is applied to the data -collected for that {processor-scope}. For example: -+ +collected for that {processor-scope}. ifeval::["{beatname_lc}"=="filebeat"] +For example: ++ [source,yaml] ------ - type: @@ -92,6 +93,8 @@ ifeval::["{beatname_lc}"=="metricbeat"] ---- endif::[] ifeval::["{beatname_lc}"=="auditbeat"] +For example: ++ [source,yaml] ---- auditbeat.modules: @@ -104,6 +107,8 @@ auditbeat.modules: ---- endif::[] ifeval::["{beatname_lc}"=="packetbeat"] +For example: ++ [source,yaml] ---- packetbeat.protocols: @@ -129,6 +134,8 @@ packetbeat.flows: ---- endif::[] ifeval::["{beatname_lc}"=="heartbeat"] +For example: ++ [source,yaml] ---- heartbeat.monitors: @@ -141,6 +148,8 @@ heartbeat.monitors: ---- endif::[] ifeval::["{beatname_lc}"=="winlogbeat"] +For example: ++ [source,yaml] ---- winlogbeat.event_logs: 
@@ -813,6 +822,20 @@ from Docker containers: * Image * Labels +[NOTE] +===== +When running {beatname_uc} in a container, you need to provide access to +Docker’s unix socket in order for the `add_docker_metadata` processor to work. +You can do this by mounting the socket inside the container. For example: + +`docker run -v /var/run/docker.sock:/var/run/docker.sock ...` + +To avoid privilege issues, you may also need to add `--user=root` to the +`docker run` flags. Because the user must be part of the docker group in order +to access `/var/run/docker.sock`, root access is required if {beatname_uc} is +running as non-root inside the container. +===== + [source,yaml] ------------------------------------------------------------------------------- processors: @@ -861,7 +884,6 @@ for container ID. It defaults to 4 to match `cleanup_timeout`:: (Optional) Time of inactivity to consider we can clean and forget metadata for a container, 60s by default. - [[add-host-metadata]] === Add Host metadata diff --git a/libbeat/docs/shared-kibana-config.asciidoc b/libbeat/docs/shared-kibana-config.asciidoc index 51ba2f0c3e2c..0f72529efb82 100644 --- a/libbeat/docs/shared-kibana-config.asciidoc +++ b/libbeat/docs/shared-kibana-config.asciidoc @@ -35,7 +35,7 @@ Here is an example configuration: [source,yaml] ---- -setup.kibana.host: "localhost:5601" +setup.kibana.host: "http://localhost:5601" ---- [float] @@ -71,7 +71,7 @@ Example config: [source,yaml] ---- setup.kibana.host: "192.0.2.255:5601" -setup.kibana.protocol: "https" +setup.kibana.protocol: "http" setup.kibana.path: /kibana ---- @@ -109,8 +109,7 @@ Example configuration: [source,yaml] ---- -setup.kibana.host: "192.0.2.255:5601" -setup.kibana.protocol: "https" +setup.kibana.host: "https://192.0.2.255:5601" setup.kibana.ssl.enabled: true setup.kibana.ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] setup.kibana.ssl.certificate: "/etc/pki/client/cert.pem" 
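Review bot: The NOTE added in the `@@ -813,6 +822,20 @@` hunk tells readers to mount `/var/run/docker.sock` and add `--user=root`, but does not say what that grants. A process that can talk to the Docker socket controls the Docker daemon, which is equivalent to root on the host, and mounting the socket read-only does not restrict the API calls made through it. I would add a sentence such as `Access to the Docker socket gives the container control of the Docker daemon on the host, so mount it only where that level of access is acceptable.` The note could also offer a narrower option than root, namely adding the container user to the group that owns the socket with `--group-add`. The last sentence of the note ("root access is required if {beatname_uc} is running as non-root") is easy to misread and would be clearer as "the container user must be root or a member of the group that owns the socket".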
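Review bot: In the `@@ -71,7 +71,7 @@` hunk of `shared-kibana-config.asciidoc`, the example now sets `setup.kibana.protocol: "http"` for a non-loopback host (`192.0.2.255:5601`) where it previously showed `"https"`. If the surrounding section is read together with the `setup.kibana.username` and `setup.kibana.password` options, a copied example would send those credentials unencrypted; the section text is outside the hunk, so this is inferred. Either keep `"https"` in this example or add a line stating that `http` is shown for brevity and that `https` should be used whenever credentials are configured.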
diff --git a/libbeat/docs/shared-ssl-config.asciidoc b/libbeat/docs/shared-ssl-config.asciidoc index 6034a924826a..db18f5416f7b 100644 --- a/libbeat/docs/shared-ssl-config.asciidoc +++ b/libbeat/docs/shared-ssl-config.asciidoc @@ -8,12 +8,15 @@ You can specify SSL options when you configure: ifeval::["{beatname_lc}"=="heartbeat"] * <> that support SSL endif::[] +ifeval::["{beatname_lc}"=="metricbeat"] +* <> that define the host as an HTTP URL +endif::[] Example output config with SSL enabled: [source,yaml] ---- -output.elasticsearch.hosts: ["192.168.1.42:9200"] +output.elasticsearch.hosts: ["https://192.168.1.42:9200"] output.elasticsearch.ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] output.elasticsearch.ssl.certificate: "/etc/pki/client/cert.pem" output.elasticsearch.ssl.key: "/etc/pki/client/cert.key" @@ -27,8 +30,7 @@ Example Kibana endpoint config with SSL enabled: [source,yaml] ---- -setup.kibana.host: "192.0.2.255:5601" -setup.kibana.protocol: "https" +setup.kibana.host: "https://192.0.2.255:5601" setup.kibana.ssl.enabled: true setup.kibana.ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] setup.kibana.ssl.certificate: "/etc/pki/client/cert.pem" @@ -52,6 +54,22 @@ heartbeat.monitors: ------------------------------------------------------------------------------- endif::[] +ifeval::["{beatname_lc}"=="metricbeat"] +Example module with SSL enabled: + +[source,yaml] +---- +- module: http + namespace: "myservice" + enabled: true + period: 10s + hosts: ["https://localhost"] + path: "/stats" + headers: + Authorization: "Bearer test123" + ssl.verification_mode: "none" +---- +endif::[] [float] === Configuration options diff --git a/metricbeat/docs/metricbeat-options.asciidoc b/metricbeat/docs/metricbeat-options.asciidoc index 802431d9ff33..94afdf33fdac 100644 --- a/metricbeat/docs/metricbeat-options.asciidoc +++ b/metricbeat/docs/metricbeat-options.asciidoc 
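Review bot: The metricbeat example added in the `@@ -52,6 +54,22 @@` hunk is titled "Example module with SSL enabled" but sets `ssl.verification_mode: "none"`, which turns off server certificate verification. The same example sends `Authorization: "Bearer test123"`, so a reader who copies it would present a bearer token to an endpoint whose identity is never checked. The other examples on this page configure a CA, so this one should do the same: replace the last line with `ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]`. If `none` is kept, annotate it with `# testing only: disables certificate verification`.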
@@ -204,8 +204,8 @@ processors in your config. [[module-http-config-options]] === Standard HTTP config options -The modules and metricsets for which the host is defined as a HTTP URL, also -support the following options: +The following options are available for modules and metricsets that define the +host as an HTTP URL: [float] ==== `username` @@ -217,6 +217,14 @@ The username to use for basic authentication. The password to use for basic authentication. +[float] +==== `ssl` + +Configuration options for SSL parameters like the certificate authority to use +for HTTPS-based connections. + +See <> for more information. + [float] ==== `headers` diff --git a/metricbeat/module/elasticsearch/_meta/config.yml b/metricbeat/module/elasticsearch/_meta/config.yml index 1d7db8b1c11d..4a9dde67ad6f 100644 --- a/metricbeat/module/elasticsearch/_meta/config.yml +++ b/metricbeat/module/elasticsearch/_meta/config.yml @@ -3,6 +3,6 @@ # - node # - node_stats period: 10s - hosts: ["localhost:9200"] + hosts: ["http://localhost:9200"] #username: "user" #password: "secret" diff --git a/metricbeat/modules.d/elasticsearch.yml.disabled b/metricbeat/modules.d/elasticsearch.yml.disabled index 76f8c3bb914b..ad04acdb0108 100644 --- a/metricbeat/modules.d/elasticsearch.yml.disabled +++ b/metricbeat/modules.d/elasticsearch.yml.disabled @@ -6,6 +6,6 @@ # - node # - node_stats period: 10s - hosts: ["localhost:9200"] + hosts: ["http://localhost:9200"] #username: "user" #password: "secret"