Add Beats default templates (#5197)
* Rename beat prospectors to inputs

This got renamed in Beats 6.3:
elastic/beats#6078

* Add graylog fields to beats default templates

The collector "Show messages" button links to a search
for a matching `gl2_source_collector`.
Thus we need to define these fields in every beats configuration.

Furthermore, we need to set `fields_under_root` because the
new Beats input does not strip away the "fields_" prefix for us.
Only "Beats Legacy" does that.

* Add filebeat and winlogbeat default template

Provide users with a sensible default template
to get them started.

* Fix template variable name

It's called sidecarVersion now.
mpfz0r authored and Marius Sturm committed Oct 12, 2018
1 parent 51ba254 commit c57ee8a
Showing 3 changed files with 36 additions and 8 deletions.
@@ -43,6 +43,12 @@ public ZonedDateTime createdAt() {

@Override
public void upgrade() {
final String beatsPreambel =
"# Needed for Graylog\n" +
"fields_under_root: true\n" +
"fields.collector_node_id: ${nodeId}\n" +
"fields.gl2_source_collector: ${nodeName}\n\n";

ensureCollector(
"filebeat",
"exec",
@@ -51,7 +57,17 @@ public void upgrade() {
"/var/lib/graylog-sidecar/generated/filebeat.yml",
"-c %s",
"test config -c %s",
""
beatsPreambel +
"filebeat.inputs:\n" +
"- input_type: log\n" +
" paths:\n" +
" - /var/log/*.log\n" +
" type: log\n" +
"output.logstash:\n" +
" hosts: [\"192.168.1.1:5044\"]\n" +
"path:\n" +
" data: /var/cache/graylog-sidecar/filebeat/data\n" +
" logs: /var/log/graylog-sidecar"
);
ensureCollector(
"winlogbeat",
@@ -61,7 +77,19 @@ public void upgrade() {
"C:\\Program Files\\Graylog\\sidecar\\generated\\winlogbeat.yml",
"-c \"%s\"",
"test config -c \"%s\"",
""
beatsPreambel +
"output.logstash:\n" +
" hosts: [\"192.168.1.1:5044\"]\n" +
"path:\n" +
" data: C:\\Program Files\\Graylog\\sidecar\\cache\\winlogbeat\\data\n" +
" logs: C:\\Program Files\\Graylog\\sidecar\\logs\n" +
"tags:\n" +
" - windows\n" +
"winlogbeat:\n" +
" event_logs:\n" +
" - name: Application\n" +
" - name: System\n" +
" - name: Security"
);
ensureCollector(
"nxlog",
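Review bot: Both default templates hard-code `hosts: [\"192.168.1.1:5044\"]` under `output.logstash` with no TLS settings, so a sidecar that receives the default unchanged ships its logs (for winlogbeat including the `Security` channel) in cleartext to whichever host owns that address on the local network, commonly a router. I would make the value an obvious placeholder and put a hint in the template itself, e.g. `"  hosts: [\"graylog.example.org:5044\"]  # placeholder: set to your Beats input\n" +` followed by a commented `"  # ssl.certificate_authorities: [\"/path/to/ca.pem\"]\n" +`. Separately, the filebeat input in the second hunk sets both `input_type: log` and `type: log`; the helper text changed in this same commit uses only `type`, so the older key looks like a leftover. `${nodeName}` is also written into the YAML unquoted, and whether a name containing `: ` or `#` can reach this template depends on validation that is not visible here. upgrade() starts in the first hunk and continues past the last one.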
@@ -11,17 +11,17 @@ class FilebeatHelper extends React.Component {
};

static toc = {
prospectors: ['log'],
inputs: ['log'],
outputs: ['logstash'],
processors: ['fields', 'drop events'],
};

prospectorsLog = () => {
inputsLog = () => {
return (
<div>
<h3>Log Prospector</h3>
<h3>Log Inputs</h3>
Reads every line of the log file.
{this.example(`filebeat.prospectors:
{this.example(`filebeat.inputs:
- type: log
paths:
- /var/log/apache/httpd-*.log`)}
@@ -72,7 +72,7 @@ class FilebeatHelper extends React.Component {
{this.example(`ignore_older: 2h`)}

<b>scan_frequency</b><br/>
How often the prospector checks for new files in the paths that are specified
How often the input checks for new files in the paths that are specified
for harvesting.
{this.example(`scan_frequency: 10s`)}

@@ -28,7 +28,7 @@ class TemplatesHelper extends React.Component {
<td>UUID of the sidecar.</td>
</tr>
<tr>
<td><code>{'${'}collectorVersion{'}'}</code></td>
<td><code>{'${'}sidecarVersion{'}'}</code></td>
<td>Version string of the running sidecar.</td>
</tr>
<tr>