One of the nice things about our log management and analytics solution Logsene is that you can talk to it using various log shippers. You can use Logstash, or you can use syslog protocol capable tools like rsyslog, or you can just push your logs using the Elasticsearch API just like you would send data to a local Elasticsearch cluster. And like any good DevOps team, we like to play with all the tools ourselves. So we thought the timing was right to make Logsene work as a final destination for data sent using Filebeat. With that in mind, let’s see how to use Filebeat to send log files to Logsene.

In this post, we’ll ship Elasticsearch logs, but Filebeat can tail and ship logs from any log file, of course. The first step is the easiest - you just need to go to the Filebeat download page and get the package for your operating system. For the purposes of this article, we’ve used Filebeat 7.5.2, though older versions will work as well. You just need to remember that Sematext Cloud will only work with the Apache 2.0 licensed Filebeat.

After you download the package you need to unpack it into a directory of your choice.

If you already have your Logsene application created - great! If not, please go here to get set up. You will need your token, which you can find in the App Settings section of the menu.

Once you have the Logsene app token you are ready to configure Filebeat. To do that you first need to create a new configuration file called logsene.yml and put in it a configuration snippet similar to the one below:

filebeat:
...
index: "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

A brief comment on the above configuration: the first section describes which log files should be read and sent to Logsene. In this example we are shipping logs from files ending with .log in the /opt/elasticsearch/logs/ directory. In the processors section, we are renaming a field called host and giving it a new name: host_object. This is done to match the needs of Sematext Cloud templates. Next we disable sending the default Filebeat template, and finally we configure the output in the section called output. It tells Filebeat to send data to Elasticsearch. Yes - to Elasticsearch - because Logsene provides the Elasticsearch API. You’ll need to provide three properties here:

The first one, called hosts, needs to point to on port 443. You’ll want to use SSL, but you could also use HTTP and send data to port 80 if you don’t want to use SSL.
The second option specifies the protocol, which in our case is https.
The third option is the index, and you’ll need to specify your Logsene app token here. In the above example, you can see a token of aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee, but you should use your own.

The last section specifies that you would like to know what Filebeat is doing (and you’ll want to save that information to file).

You can now run Filebeat and use your configuration. To do that, run the following command:

$ ./filebeat -c logsene.yml

This tells Filebeat to use the configuration file you’ve created and send Elasticsearch log files to Logsene.

You can now go to your Logsene application and look at the logs you’ve sent.

Once your logs are in Logsene you can build all kinds of reports with Kibana, which is integrated into Logsene; you can get alerts based on data in your logs; you can invite your teammates, so you can all have access to all your logs in one place; and so on.
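
The settings this walkthrough describes (the log input, the host rename, the disabled template, the HTTPS output and file logging), laid out as one logsene.yml. This is an added example written from the prose, not the post's original snippet: the receiver hostname is a placeholder because the page does not give it, and ignore_missing plus the logging level, path and name are assumed values.

```yaml
# Added example: logsene.yml written from the description in this post.
# Placeholders and assumed values are marked; replace them with your own.
filebeat:
  inputs:
    - type: log
      paths:
        # Elasticsearch log files, as in the post
        - /opt/elasticsearch/logs/*.log

processors:
  # Rename "host" to "host_object" to match Sematext Cloud templates
  - rename:
      fields:
        - from: "host"
          to: "host_object"
      ignore_missing: true   # assumption: tolerate events with no host field

setup:
  template:
    enabled: false           # do not send the default Filebeat template

output:
  elasticsearch:
    # PLACEHOLDER host: the receiver name is not given on this page.
    hosts: ["LOGSENE_RECEIVER_HOST:443"]
    protocol: "https"
    # Your Logsene app token: anyone holding it can write logs into your app.
    index: "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    # Plain-HTTP variant the post mentions (port 80, protocol "http"):
    # the token and every log line would cross the network unencrypted.
    # hosts: ["LOGSENE_RECEIVER_HOST:80"]
    # protocol: "http"

logging:
  level: info                # assumed level
  to_files: true             # save Filebeat's own log to file
  files:
    path: /var/log/filebeat  # assumed path
    name: filebeat           # assumed file name
```

Running ./filebeat test config -c logsene.yml checks the file for syntax and option errors before any logs are shipped.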