From e6a88c04aae5c977931a54755c01d603751be584 Mon Sep 17 00:00:00 2001
From: DeDe Morton
Date: Thu, 6 Dec 2018 12:56:37 -0800
Subject: [PATCH] [Docs] Backport to 6.5: multiple doc changes (#9317)
* Add linux command examples (#9189)
* Update command reference with more info about Functionbeat (#9203)
* [Docs] Add info about accessing logs in serverless environments (#9241)
---
auditbeat/docs/getting-started.asciidoc | 23 +-
auditbeat/docs/index.asciidoc | 1 +
filebeat/docs/getting-started.asciidoc | 23 +-
.../include/enable-modules-command.asciidoc | 7 +
.../include/list-modules-command.asciidoc | 7 +
filebeat/docs/include/run-command.asciidoc | 7 +
filebeat/docs/include/set-paths.asciidoc | 7 +
filebeat/docs/include/setup-command.asciidoc | 7 +
filebeat/docs/index.asciidoc | 1 +
heartbeat/docs/getting-started.asciidoc | 21 +-
heartbeat/docs/index.asciidoc | 1 +
journalbeat/docs/index.asciidoc | 1 +
libbeat/docs/command-reference.asciidoc | 226 +++++++++++-------
libbeat/docs/dashboards.asciidoc | 22 ++
libbeat/docs/loggingconfig.asciidoc | 57 ++++-
libbeat/docs/reference-yml.asciidoc | 5 +-
libbeat/docs/shared-template-load.asciidoc | 45 +++-
metricbeat/docs/gettingstarted.asciidoc | 25 +-
metricbeat/docs/index.asciidoc | 1 +
packetbeat/docs/gettingstarted.asciidoc | 23 +-
packetbeat/docs/index.asciidoc | 1 +
21 files changed, 403 insertions(+), 108 deletions(-)
diff --git a/auditbeat/docs/getting-started.asciidoc b/auditbeat/docs/getting-started.asciidoc
index a6efca0f3dd3..bd10a539d338 100644
--- a/auditbeat/docs/getting-started.asciidoc
+++ b/auditbeat/docs/getting-started.asciidoc
@@ -75,6 +75,25 @@ tar xzvf {beatname_lc}-{version}-darwin-x86_64.tar.gz endif::[] +[[linux]] +*linux:* + +ifeval::["{release-state}"=="unreleased"] + +Version {stack-version} of {beatname_uc} has not yet been released. + +endif::[] + +ifeval::["{release-state}"!="unreleased"] + +["source","sh",subs="attributes"] +------------------------------------------------ +curl -L -O https://artifacts.elastic.co/downloads/beats/{beatname_lc}/{beatname_lc}-{version}-linux-x86_64.tar.gz +tar xzvf {beatname_lc}-{version}-linux-x86_64.tar.gz +------------------------------------------------ + +endif::[] + [[docker]] *docker:* @@ -206,12 +225,12 @@ start {beatname_uc} in the foreground. sudo service {beatname_lc} start ---------------------------------------------------------------------- -*mac:* +*mac and linux:* ["source","sh",subs="attributes"] ---------------------------------------------------------------------- sudo chown root {beatname_lc}.yml <1> -sudo ./{beatname_lc} -e -c {beatname_lc}.yml -d "publish" +sudo ./{beatname_lc} -e ---------------------------------------------------------------------- <1> To monitor system files, you'll be running {beatname_uc} as root, so you need to change ownership of the configuration file, or run {beatname_uc} with diff --git a/auditbeat/docs/index.asciidoc b/auditbeat/docs/index.asciidoc index 28e01662b530..2bf016533ab9 100644 --- a/auditbeat/docs/index.asciidoc +++ b/auditbeat/docs/index.asciidoc @@ -17,6 +17,7 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :mac_os: :docker_platform: :win_os: +:linux_os: include::../../libbeat/docs/shared-beats-attributes.asciidoc[] diff --git a/filebeat/docs/getting-started.asciidoc b/filebeat/docs/getting-started.asciidoc index f1371eaadf54..9633fd1fd66b 100644 --- a/filebeat/docs/getting-started.asciidoc +++ b/filebeat/docs/getting-started.asciidoc 
@@ -75,6 +75,25 @@ tar xzvf filebeat-{version}-darwin-x86_64.tar.gz endif::[] +[[linux]] +*linux:* + +ifeval::["{release-state}"=="unreleased"] + +Version {version} of {beatname_uc} has not yet been released. + +endif::[] + +ifeval::["{release-state}"!="unreleased"] + +["source","sh",subs="attributes,callouts"] +------------------------------------------------ +curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-{version}-linux-x86_64.tar.gz +tar xzvf filebeat-{version}-linux-x86_64.tar.gz +------------------------------------------------ + +endif::[] + [[docker]] *docker:* @@ -223,12 +242,12 @@ sudo service {beatname_lc} start docker run {dockerimage} ---------------------------------------------------------------------- -*mac:* +*mac and linux:* [source,shell] ---------------------------------------------------------------------- sudo chown root filebeat.yml <1> -sudo ./filebeat -e -c filebeat.yml -d "publish" +sudo ./filebeat -e ---------------------------------------------------------------------- <1> You'll be running Filebeat as root, so you need to change ownership of the configuration file, or run Filebeat with `--strict.perms=false` diff --git a/filebeat/docs/include/enable-modules-command.asciidoc b/filebeat/docs/include/enable-modules-command.asciidoc index 98fac1dd4862..243aef3d9216 100644 --- a/filebeat/docs/include/enable-modules-command.asciidoc +++ b/filebeat/docs/include/enable-modules-command.asciidoc @@ -13,6 +13,13 @@ ./{beatname_lc} modules enable {modulename} ---- +*linux:* + +["source","sh",subs="attributes"] +---- +./{beatname_lc} modules enable {modulename} +---- + *win:* ["source","sh",subs="attributes"] diff --git a/filebeat/docs/include/list-modules-command.asciidoc b/filebeat/docs/include/list-modules-command.asciidoc index c3bbcff38a0d..ca4cf789e345 100644 --- a/filebeat/docs/include/list-modules-command.asciidoc +++ b/filebeat/docs/include/list-modules-command.asciidoc 
@@ -13,6 +13,13 @@ ./{beatname_lc} modules list ---- +*linux:* + +["source","sh",subs="attributes"] +---- +./{beatname_lc} modules list +---- + *win:* ["source","sh",subs="attributes"] diff --git a/filebeat/docs/include/run-command.asciidoc b/filebeat/docs/include/run-command.asciidoc index 80f2bfb5e4f9..158a66ef1501 100644 --- a/filebeat/docs/include/run-command.asciidoc +++ b/filebeat/docs/include/run-command.asciidoc @@ -13,6 +13,13 @@ service {beatname_lc} start ./{beatname_lc} -e ---- +*linux:* + +["source","sh",subs="attributes"] +---- +./{beatname_lc} -e +---- + *win:* ["source","sh",subs="attributes"] diff --git a/filebeat/docs/include/set-paths.asciidoc b/filebeat/docs/include/set-paths.asciidoc index 8f4b1eb50891..07f9ffa0b490 100644 --- a/filebeat/docs/include/set-paths.asciidoc +++ b/filebeat/docs/include/set-paths.asciidoc @@ -28,6 +28,13 @@ must include the module and fileset name. For example: ./{beatname_lc} -e -M "nginx.access.var.paths=[/usr/local/var/log/nginx/access.log*]" ---- +*linux:* + +["source","sh",subs="attributes"] +---- +./{beatname_lc} -e -M "nginx.access.var.paths=[/usr/local/var/log/nginx/access.log*]" +---- + *win:* ["source","sh",subs="attributes"] diff --git a/filebeat/docs/include/setup-command.asciidoc b/filebeat/docs/include/setup-command.asciidoc index 66f4ce361a5c..14642e1aa826 100644 --- a/filebeat/docs/include/setup-command.asciidoc +++ b/filebeat/docs/include/setup-command.asciidoc @@ -13,6 +13,13 @@ ./{beatname_lc} setup -e ---- +*linux:* + +["source","sh",subs="attributes"] +---- +./{beatname_lc} setup -e +---- + *win:* ["source","sh",subs="attributes"] diff --git a/filebeat/docs/index.asciidoc b/filebeat/docs/index.asciidoc index ba4bcce89a8f..d7bc6f260eb1 100644 --- a/filebeat/docs/index.asciidoc +++ b/filebeat/docs/index.asciidoc @@ -15,6 +15,7 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :deb_os: :rpm_os: :mac_os: +:linux_os: :docker_platform: :win_os: 
diff --git a/heartbeat/docs/getting-started.asciidoc b/heartbeat/docs/getting-started.asciidoc index 2a435afd1180..6008ecec6cfd 100644 --- a/heartbeat/docs/getting-started.asciidoc +++ b/heartbeat/docs/getting-started.asciidoc @@ -81,6 +81,23 @@ tar xzvf heartbeat-{version}-darwin-x86_64.tar.gz endif::[] +[[linux]] +*linux:* + +ifeval::["{release-state}"=="unreleased"] + +Version {version} of {beatname_uc} has not yet been released. + +endif::[] + +ifeval::["{release-state}"!="unreleased"] + +["source","sh",subs="attributes"] +------------------------------------------------ +curl -L -O {downloads}/heartbeat/heartbeat-{version}-linux-x86_64.tar.gz +tar xzvf heartbeat-{version}-linux-x86_64.tar.gz +------------------------------------------------ +endif::[] [[docker]] *docker:* @@ -230,12 +247,12 @@ start Heartbeat in the foreground. sudo service {beatname_lc}-elastic start ---------------------------------------------------------------------- -*mac:* +*mac and linux:* ["source","sh",subs="attributes"] ---------------------------------------------------------------------- sudo chown root heartbeat.yml <1> -sudo ./heartbeat -e -c heartbeat.yml -d "publish" +sudo ./heartbeat -e ---------------------------------------------------------------------- <1> You'll be running Heartbeat as root, so you need to change ownership of the configuration file, or run Heartbeat with `--strict.perms=false` specified. See diff --git a/heartbeat/docs/index.asciidoc b/heartbeat/docs/index.asciidoc index 0176b0072904..53f2cc9a48ce 100644 --- a/heartbeat/docs/index.asciidoc +++ b/heartbeat/docs/index.asciidoc @@ -15,6 +15,7 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :deb_os: :rpm_os: :mac_os: +:linux_os: :docker_platform: :win_os: diff --git a/journalbeat/docs/index.asciidoc b/journalbeat/docs/index.asciidoc index ac818e5b4120..3c99a47bdd10 100644 --- a/journalbeat/docs/index.asciidoc +++ b/journalbeat/docs/index.asciidoc 
@@ -14,6 +14,7 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :libbeat-docs: Beats Platform Reference :deb_os: :rpm_os: +:linux_os: :no_dashboards: include::../../libbeat/docs/shared-beats-attributes.asciidoc[] diff --git a/libbeat/docs/command-reference.asciidoc b/libbeat/docs/command-reference.asciidoc index 97834b75ba40..e30cabe3b5d6 100644 --- a/libbeat/docs/command-reference.asciidoc +++ b/libbeat/docs/command-reference.asciidoc 
@@ -19,25 +19,25 @@ :help-command-short-desc: Shows help for any command :keystore-command-short-desc: Manages the <> :modules-command-short-desc: Manages configured modules -:package-command-short-desc: Packages the configuration and executable in a zip file +:package-command-short-desc: Packages the configuration and executable into a zip file :remove-command-short-desc: Removes the specified function from your serverless environment :run-command-short-desc: Runs {beatname_uc}. This command is used by default if you start {beatname_uc} without specifying a command ifndef::deprecate_dashboard_loading[] ifdef::has_ml_jobs[] -:setup-command-short-desc: Sets up the initial environment, including the index template, Kibana dashboards (when available), and machine learning jobs (when available) +:setup-command-short-desc: Sets up the initial environment, including the index template, {kib} dashboards (when available), and machine learning jobs (when available) endif::[] ifndef::has_ml_jobs[] -:setup-command-short-desc: Sets up the initial environment, including the index template and Kibana dashboards (when available) +:setup-command-short-desc: Sets up the initial environment, including the index template and {kib} dashboards (when available) endif::[] endif::[] ifdef::deprecate_dashboard_loading[] -:setup-command-short-desc: Sets up the initial environment, including the ES index template and Kibana dashboards (deprecated). +:setup-command-short-desc: Sets up the initial environment, including the ES index template and {kib} dashboards (deprecated). endif::[] @@ -67,7 +67,6 @@ The command-line also supports <> for controlling global behaviors. ifeval::["{beatname_lc}"!="winlogbeat"] - [TIP] ========================= Use `sudo` to run the following commands if: @@ -76,7 +75,6 @@ Use `sudo` to run the following commands if: * {beatname_uc} is configured to capture data that requires `root` access ========================= - endif::[] [options="header"] 
@@ -110,8 +108,33 @@ ifeval::[("{beatname_lc}"=="functionbeat")] [[deploy-command]] ==== `deploy` command -{deploy-command-short-desc}. +{deploy-command-short-desc}. Before deploying functions, make sure the user has +the credentials required by your cloud service provider. + +*SYNOPSIS* + +["source","sh",subs="attributes"] +---- +{beatname_lc} deploy FUNCTION_NAME [FLAGS] +---- + +*`FUNCTION_NAME`*:: +Specifies the name of the function to deploy. + +*FLAGS* + +*`-h, --help`*:: +Shows help for the `deploy` command. + +{global-flags} + +*EXAMPLES* +["source","sh",subs="attributes"] +----- +{beatname_lc} deploy cloudwatch +{beatname_lc} deploy sqs +----- endif::[] [[export-command]] @@ -119,7 +142,7 @@ endif::[] {export-command-short-desc}. You can use this command to quickly view your configuration, see the contents of the index -template, or export a dashboard from Kibana. +template, or export a dashboard from {kib}. *SYNOPSIS* 
@@ -128,55 +151,55 @@ template, or export a dashboard from Kibana. {beatname_lc} export SUBCOMMAND [FLAGS] ---- - *SUBCOMMANDS* *`config`*:: Exports the current configuration to stdout. If you use the `-c` flag, this command exports the configuration that's defined in the specified file. - - -*`dashboard`*:: -Exporting a dashboard allows to store a dashboard on disk in a -module and load it automatically. The following command can be used: +[[dashboard-subcommand]]*`dashboard`*:: +Exports a dashboard. You can use this option to store a dashboard on disk in a +module and load it automatically. For example, to export the dashboard to a JSON +file, run: + ["source","shell",subs="attributes"] ---- -{beatname_lc} export dashboard --id="dashboard-id" > dashboard.json +{beatname_lc} export dashboard --id="DASHBOARD_ID" > dashboard.json ---- + -The `dashboard-id` can be found in the Kibana URL. By default `export dashboard` -will write the dashboard to stdout. Above it's written into `dashboard.json` so -it can later imported again. The file contains the dashboard with all -visualizations and searches. The index pattern is removed as it is -expected to be loaded separately for {beatname_uc}. +To find the `DASHBOARD_ID`, look at the URL for the dashboard in {kib}. By +default, `export dashboard` writes the dashboard to stdout. The example shows +how to write the dashboard to a JSON file so that you can import it later. The +JSON file will contain the dashboard with all visualizations and searches. You +must load the index pattern separately for {beatname_uc}. + -The generated `dashboard.json` file can be copied into the `kibana/6/dashboard` -directory of {beatname_lc} and next time +{beatname_lc} setup dashboards+ is -run the dashboard will be imported. +To load the dashboard, copy the generated `dashboard.json` file into the +`kibana/6/dashboard` directory of {beatname_uc}, and run ++{beatname_lc} setup --dashboards+ to import the dashboard. 
+ -In case Kibana is not running on `localhost:5061` the {beatname_uc} -configuration under `setup.kibana` must be adjusted. +If {kib} is not running on `localhost:5061`, you must also adjust the +{beatname_uc} configuration under `setup.kibana`. -[[template-subcommand]] -*`template`*:: +[[template-subcommand]]*`template`*:: Exports the index template to stdout. You can specify the `--es.version` and `--index` flags to further define what gets exported. *FLAGS* *`--es.version VERSION`*:: -When specified along with <>, exports an index +When used with <>, exports an index template that is compatible with the specified version. *`-h, --help`*:: Shows help for the `export` command. *`--index BASE_NAME`*:: -When specified along with <>, sets the base name -to use for the index template. If this flag is not specified, the default base -name is +{beatname_lc}+. +When used with <>, sets the base name to use for +the index template. If this flag is not specified, the default base name is ++{beatname_lc}+. + +*`--id DASHBOARD_ID`*:: +When used with <>, specifies the dashboard ID. {global-flags} @@ -186,6 +209,7 @@ name is +{beatname_lc}+. ----- {beatname_lc} export config {beatname_lc} export template --es.version {stack-version} --index myindexname +{beatname_lc} export dashboard --id="a7b35890-8baa-11e8-9676-ef67484126fb" > dashboard.json ----- @@ -272,7 +296,7 @@ Shows help for the `keystore` command. {beatname_lc} keystore list ----- -see <> for more examples. +See <> for more examples. ifeval::[("{beatname_lc}"=="functionbeat")] [[package-command]] 
@@ -280,15 +304,63 @@ ifeval::[("{beatname_lc}"=="functionbeat")] {package-command-short-desc}. +*SYNOPSIS* + +["source","sh",subs="attributes"] +---- +{beatname_lc} package [FLAGS] +---- + +*FLAGS* + +*`-h, --help`*:: +Shows help for the `package` command. + +*`-o, --output`*:: +Specifies the full path to the zip file that will contain the package. + +{global-flags} + +*EXAMPLES* + +["source","sh",subs="attributes"] +----- +{beatname_lc} package /path/to/file.zip +----- + [[remove-command]] ==== `remove` command -{remove-command-short-desc}. +{remove-command-short-desc}. Before removing functions, make sure the user has +the credentials required by your cloud service provider. + +*SYNOPSIS* + +["source","sh",subs="attributes"] +---- +{beatname_lc} remove FUNCTION_NAME [FLAGS] +---- + +*`FUNCTION_NAME`*:: +Specifies the name of the function to remove. + +*FLAGS* +*`-h, --help`*:: +Shows help for the `remove` command. + +{global-flags} + +*EXAMPLES* + +["source","sh",subs="attributes"] +----- +{beatname_lc} remove cloudwatch +{beatname_lc} remove sqs +----- endif::[] ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="metricbeat")] - [[modules-command]] ==== `modules` command @@ -330,26 +402,20 @@ Shows help for the `export` command. *EXAMPLES* ifeval::["{beatname_lc}"=="filebeat"] - ["source","sh",subs="attributes"] ----- {beatname_lc} modules list {beatname_lc} modules enable apache2 auditd mysql ----- - endif::[] ifeval::["{beatname_lc}"=="metricbeat"] - ["source","sh",subs="attributes"] ----- {beatname_lc} modules list {beatname_lc} modules enable apache nginx system ----- - - endif::[] - endif::[] @@ -375,7 +441,6 @@ Or: *FLAGS* ifeval::["{beatname_lc}"=="packetbeat"] - *`-I, --I FILE`*:: Reads packet data from the specified file instead of reading packets from the network. This option is useful only for testing {beatname_uc}. 
@@ -384,19 +449,17 @@ network. This option is useful only for testing {beatname_uc}. ----- {beatname_lc} run -I ~/pcaps/network_traffic.pcap ----- - endif::[] -*`-N, --N`*:: -Disables the publishing of events to the defined output. This option is useful -only for testing {beatname_uc}. +*`-N, --N`*:: Disables publishing for testing purposes. +ifndef::only-elasticsearch[] +This option disables all outputs except the <>. +endif::only-elasticsearch[] ifeval::["{beatname_lc}"=="packetbeat"] - *`-O, --O`*:: Read packets one by one by pressing _Enter_ after each. This option is useful only for testing {beatname_uc}. - endif::[] *`--cpuprofile FILE`*:: @@ -404,18 +467,14 @@ Writes CPU profile data to the specified file. This option is useful for troubleshooting {beatname_uc}. ifeval::["{beatname_lc}"=="packetbeat"] - *`-devices`*:: Prints the list of devices that are available for sniffing and then exits. - endif::[] ifeval::["{beatname_lc}"=="packetbeat"] - *`-dump FILE`*:: Writes all captured packets to the specified file. This option is useful for troubleshooting {beatname_uc}. - endif::[] *`-h, --help`*:: @@ -426,12 +485,10 @@ Starts an http server for profiling. This option is useful for troubleshooting and profiling {beatname_uc}. ifeval::["{beatname_lc}"=="packetbeat"] - *`-l N`*:: Reads the pcap file `N` number of times. The default is 1. Use this option in combination with the `-I` option. For an infinite loop, use _0_. The `-l` option is useful only for testing {beatname_uc}. - endif::[] *`--memprofile FILE`*:: @@ -439,7 +496,6 @@ Writes memory profile data to the specified output file. This option is useful for troubleshooting {beatname_uc}. ifeval::["{beatname_lc}"=="filebeat"] - *`--modules MODULE_LIST`*:: Specifies a comma-separated list of modules to run. For example: + 
@@ -452,18 +508,15 @@ Rather than specifying the list of modules every time you run {beatname_uc}, you can use the <> command to enable and disable specific modules. Then when you run {beatname_uc}, it will run any modules that are enabled. - endif::[] ifeval::["{beatname_lc}"=="filebeat"] - *`--once`*:: When the `--once` flag is used, {beatname_uc} starts all configured harvesters and inputs, and runs each input until the harvesters are closed. If you set the `--once` flag, you should also set `close_eof` so the harvester is closed when the end of the file is reached. By default harvesters are closed after `close_inactive` is reached. - endif::[] *`--setup`*:: @@ -472,31 +525,27 @@ deprecated[{deprecate_dashboard_loading}] endif::[] + ifdef::has_ml_jobs[] -Loads the initial setup, including Elasticsearch template, Kibana index pattern, -Kibana dashboards (when available), and Machine learning jobs. +Loads the initial setup, including Elasticsearch template, {kib} index pattern, +{kib} dashboards (when available), and Machine learning jobs. endif::[] ifndef::has_ml_jobs[] -Loads the initial setup, including Elasticsearch template, Kibana index pattern, and Kibana dashboards (when available). +Loads the initial setup, including Elasticsearch template, {kib} index pattern, and {kib} dashboards (when available). endif::[] If you want to use the command without running {beatname_uc}, use the <> command instead. ifeval::["{beatname_lc}"=="metricbeat"] - *`--system.hostfs MOUNT_POINT`*:: Specifies the mount point of the host's filesystem for use in monitoring a host from within a container. - endif::[] ifeval::["{beatname_lc}"=="packetbeat"] - *`-t`*:: Reads packets from the pcap file as fast as possible without sleeping. Use this option in combination with the `-I` option. The `-t` option is useful only for testing Packetbeat. - endif::[] {global-flags} 
@@ -522,8 +571,8 @@ Or: * The index template ensures that fields are mapped correctly in Elasticsearch. -* The Kibana dashboards make it easier for you to visualize {beatname_uc} data -in Kibana. +* The {kib} dashboards make it easier for you to visualize {beatname_uc} data +in {kib}. ifdef::has_ml_jobs[] * The machine learning jobs contain the configuration information and metadata @@ -545,7 +594,7 @@ environment without actually running {beatname_uc} and ingesting data. ifndef::deprecate_dashboard_loading[] *`--dashboards`*:: -Sets up the Kibana dashboards (when available). This option loads the dashboards +Sets up the {kib} dashboards (when available). This option loads the dashboards from the {beatname_uc} package. For more options, such as loading customized dashboards, see {beatsdevguide}/import-dashboards.html[Importing Existing Beat Dashboards] in the _Beats Developer Guide_. @@ -556,28 +605,24 @@ ifdef::deprecate_dashboard_loading[] deprecated[{deprecate_dashboard_loading}] + -Sets up the Kibana dashboards only. +Sets up the {kib} dashboards only. endif::[] *`-h, --help`*:: Shows help for the `setup` command. ifdef::has_ml_jobs[] - *`--machine-learning`*:: Sets up machine learning job configurations only. - endif::[] ifeval::["{beatname_lc}"=="filebeat"] - *`--modules MODULE_LIST`*:: Specifies a comma-separated list of modules. Use this flag to avoid errors when there are no modules defined in the +{beatname_lc}.yml+ file. *`--pipelines`*:: Sets up ingest pipelines for configured filesets. - endif::[] *`--template`*:: 
@@ -611,14 +656,12 @@ Sets up the index template only. Tests the configuration settings. ifeval::["{beatname_lc}"=="metricbeat"] - *`modules [MODULE_NAME] [METRICSET_NAME]`*:: Tests module settings for all configured modules. When you run this command, {beatname_uc} does a test run that applies the current settings, retrieves the metrics, and shows them as output. To test the settings for a specific module, specify `MODULE_NAME`. To test the settings for a specific metricset in the module, also specify `METRICSET_NAME`. - endif::[] *`output`*:: @@ -632,18 +675,15 @@ current settings. {global-flags} ifeval::["{beatname_lc}"!="metricbeat"] - *EXAMPLE* ["source","sh",subs="attributes"] ----- {beatname_lc} test config ----- - endif::[] ifeval::["{beatname_lc}"=="metricbeat"] - *EXAMPLES* ["source","sh",subs="attributes"] @@ -651,15 +691,39 @@ ifeval::["{beatname_lc}"=="metricbeat"] {beatname_lc} test config {beatname_lc} test modules system cpu ----- - endif::[] ifeval::[("{beatname_lc}"=="functionbeat")] [[update-command]] ==== `update` command -{update-command-short-desc}. +{update-command-short-desc}. Before updating functions, make sure the user has +the credentials required by your cloud service provider. +*SYNOPSIS* + +["source","sh",subs="attributes"] +---- +{beatname_lc} update FUNCTION_NAME [FLAGS] +---- + +*`FUNCTION_NAME`*:: +Specifies the name of the function to update. + +*FLAGS* + +*`-h, --help`*:: +Shows help for the `update` command. + +{global-flags} + +*EXAMPLES* + +["source","sh",subs="attributes"] +----- +{beatname_lc} update cloudwatch +{beatname_lc} update sqs +----- endif::[] [[version-command]] @@ -686,7 +750,7 @@ endif::[] ["source","sh",subs="attributes"] ----- {beatname_lc} version ----- +----- [float] 
@@ -708,7 +772,6 @@ This setting is applied to the currently running {beatname_uc} process. The {beatname_uc} configuration file is not changed. ifeval::["{beatname_lc}"=="filebeat"] - *`-M, --M "VAR_NAME=VALUE"`*:: Overrides the default configuration for a {beatname_uc} module. You can specify multiple variable overrides. For example: + @@ -716,7 +779,6 @@ ifeval::["{beatname_lc}"=="filebeat"] ---------------------------------------------------------------------- {beatname_lc} -modules=nginx -M "nginx.access.var.paths=['/var/log/nginx/access.log*']" -M "nginx.access.var.pipeline=no_plugins" ---------------------------------------------------------------------- - endif::[] *`-c, --c FILE`*:: diff --git a/libbeat/docs/dashboards.asciidoc b/libbeat/docs/dashboards.asciidoc index ea210d56c955..96bf17b5527e 100644 --- a/libbeat/docs/dashboards.asciidoc +++ b/libbeat/docs/dashboards.asciidoc @@ -58,6 +58,15 @@ ifdef::mac_os[] ---------------------------------------------------------------------- endif::mac_os[] +ifdef::linux_os[] +*linux:* + +["source","sh",subs="attributes"] +---------------------------------------------------------------------- +./{beatname_lc} setup --dashboards +---------------------------------------------------------------------- +endif::linux_os[] + ifdef::docker_platform[] *docker:* @@ -125,6 +134,19 @@ ifdef::mac_os[] ---- endif::mac_os[] +ifdef::linux_os[] +*linux:* + +["source","sh",subs="attributes"] +---- +./{beatname_lc} setup -e \ + -E output.logstash.enabled=false \ + -E output.elasticsearch.hosts=['localhost:9200'] \ + -E output.elasticsearch.username={beat_default_index_prefix}_internal \ + -E output.elasticsearch.password={pwd} \ + -E setup.kibana.host=localhost:5601 +---- +endif::linux_os[] ifdef::docker_platform[] *docker:* diff --git a/libbeat/docs/loggingconfig.asciidoc b/libbeat/docs/loggingconfig.asciidoc index db34c284a8da..e0e87f66296d 100644 --- a/libbeat/docs/loggingconfig.asciidoc +++ b/libbeat/docs/loggingconfig.asciidoc 
@@ -14,12 +14,13 @@ == Configure logging The `logging` section of the +{beatname_lc}.yml+ config file contains options -for configuring the logging output. The logging system can write logs to -the syslog or rotate log files. If logging is not explicitly configured the file -output is used. +for configuring the logging output. +ifndef::serverless[] +The logging system can write logs to the syslog or rotate log files. If logging +is not explicitly configured the file output is used. ["source","yaml",subs="attributes"] --------------------------------------------------------------------------------- +---- logging.level: info logging.to_files: true logging.files: @@ -27,11 +28,32 @@ logging.files: name: {beatname_lc} keepfiles: 7 permissions: 0644 --------------------------------------------------------------------------------- +---- TIP: In addition to setting logging options in the config file, you can modify the logging output configuration from the command line. See <>. +endif::serverless[] + +ifdef::serverless[] +For example, the following options configure {beatname_uc} to log all the debug +messages related to event publishing: + +["source","yaml",subs="attributes"] +---- +logging.level: debug +logging.selectors: ["publish"] +---- + +The logs generated by {beatname_uc} are written to the CloudWatch log group for +the function running on Amazon Web Services (AWS). To view the logs, go to the +the monitoring area of the AWS Lambda console and view the CloudWatch log group +for the function. + +// TODO: When we add support for other cloud providers, we will need to modify +// this statement and possibly have a different attribute for each provider to +// show the correct text. +endif::serverless[] [float] === Configuration options @@ -39,6 +61,7 @@ the logging output configuration from the command line. See You can specify the following options in the `logging` section of the +{beatname_lc}.yml+ config file: +ifndef::serverless[] [float] ==== `logging.to_syslog` 
@@ -60,6 +83,7 @@ rotated when the log file size limit is reached. NOTE: {beatname_uc} only creates a log file if there is logging output. For example, if you set the log <> to `error` and there are no errors, there will be no log file in the directory specified for logs. +endif::serverless[] [float] [[level]] @@ -88,9 +112,11 @@ published. Also logs any warnings, errors, or critical errors. The list of debugging-only selector tags used by different {beatname_uc} components. Use `*` to enable debug output for all components. For example add `publish` to display -all the debug messages related to event publishing. When starting {beatname_lc}, -selectors can be overwritten using the `-d` command line option (`-d` also sets -the debug log level). +all the debug messages related to event publishing. +ifndef::serverless[] +When starting {beatname_lc}, selectors can be overwritten using the `-d` command +line option (`-d` also sets the debug log level). +endif::serverless[] [float] ==== `logging.metrics.enabled` @@ -110,12 +136,12 @@ Here is an example log line: Note that we currently offer no backwards compatible guarantees for the internal metrics and for this reason they are also not documented. - [float] ==== `logging.metrics.period` The period after which to log the internal metrics. The default is 30s. +ifndef::serverless[] [float] ==== `logging.files.path` 
@@ -163,12 +189,25 @@ Intervals must be at least 1s. Values of 1m, 1h, 24h, 7*24h, 30*24h, and 365*24h
 are boundary-aligned with minutes, hours, days, weeks, months, and years as reported by the local system clock. All other intervals are calculated from the unix epoch. Defaults to disabled.
+endif::serverless[]
 [float]
 ==== `logging.json`
 When true, logs messages in JSON format. The default is false.
+ifndef::serverless[]
+[float]
+==== `logging.files.redirect_stderr` experimental[]
+
+When true, diagnostic messages printed to {beatname_uc}'s standard error output
+will also be logged to the log file. This can be helpful in situations were
+{beatname_uc} terminates unexpectedly because an error has been detected by
+Go's runtime but diagnostic information is not present in the log file.
+This feature is only available when logging to files (`logging.to_files` is true).
+Disabled by default.
+endif::serverless[]
+
 [float]
 === Logging format
diff --git a/libbeat/docs/reference-yml.asciidoc b/libbeat/docs/reference-yml.asciidoc
index f506d61c3377..44361b4fe55d 100644
--- a/libbeat/docs/reference-yml.asciidoc
+++ b/libbeat/docs/reference-yml.asciidoc
@@ -5,9 +5,8 @@ The following reference file is available with your {beatname_uc} installation.
 shows all non-deprecated {beatname_uc} options. You can copy from this file and paste configurations into the +{beatname_lc}.yml+ file to customize it.
-TIP: For rpm and deb, you'll find the reference configuration file at +/etc/{beatname_lc}/{beatname_lc}.reference.yml+. Under
-Docker, it's located at +/usr/share/{beatname_lc}/{beatname_lc}.reference.yml+. For mac and win,
-look in the archive that you just extracted.
+TIP: The reference file is located in the same directory as the
++{beatname_lc}.yml+ file. To locate the file, see <>.
 The contents of the file are included here for your convenience.
diff --git a/libbeat/docs/shared-template-load.asciidoc b/libbeat/docs/shared-template-load.asciidoc
index f3d23d4d767e..f09aec8305eb 100644
--- a/libbeat/docs/shared-template-load.asciidoc
+++ b/libbeat/docs/shared-template-load.asciidoc
@@ -155,14 +155,24 @@ ifdef::mac_os[]
 ----
 endif::mac_os[]
-ifdef::mac_os[]
+ifdef::linux_os[]
+*linux:*
+
+["source","sh",subs="attributes"]
+----
+./{beatname_lc} setup --template{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]'
+----
+endif::linux_os[]
+
+
+ifdef::docker_platform[]
 *docker:*
 ["source","sh",subs="attributes"]
 ----------------------------------------------------------------------
 docker run {dockerimage} setup --template{disable_logstash} -E 'output.elasticsearch.hosts=["localhost:9200"]'
 ----------------------------------------------------------------------
-endif::mac_os[]
+endif::docker_platform[]
 ifdef::win_os[]
 ifndef::win_only[]
@@ -187,7 +197,9 @@ endif::win_os[]
 If you've already used {beatname_uc} to index data into Elasticsearch, the index may contain old documents. After you load the index template, you can delete the old documents from +{beatname_lc}-*+ to force Kibana to look
-at the newest documents. Use this command:
+at the newest documents.
+
+Use this command:
 ifdef::deb_os,rpm_os[]
 *deb and rpm:*
@@ -207,6 +219,15 @@ curl -XDELETE 'http://localhost:9200/{beatname_lc}-*'
 ----------------------------------------------------------------------
 endif::mac_os[]
+ifdef::linux_os[]
+*linux:*
+
+["source","sh",subs="attributes"]
+----------------------------------------------------------------------
+curl -XDELETE 'http://localhost:9200/{beatname_lc}-*'
+----------------------------------------------------------------------
+endif::linux_os[]
+
 ifdef::win_os[]
 ifndef::win_only[]
 *win:*
@@ -249,6 +270,15 @@ ifdef::mac_os[]
 ----
 endif::mac_os[]
+ifdef::linux_os[]
+*linux:*
+
+["source","sh",subs="attributes"]
+----
+./{beatname_lc} export template > {beatname_lc}.template.json
+----
+endif::linux_os[]
+
 ifdef::win_os[]
 ifndef::win_only[]
 *win:*
@@ -280,6 +310,15 @@ curl -XPUT -H 'Content-Type: application/json' http://localhost:9200/_template/{
 ----
 endif::mac_os[]
+ifdef::linux_os[]
+*linux:*
+
+["source","sh",subs="attributes"]
+----
+curl -XPUT -H 'Content-Type: application/json' http://localhost:9200/_template/{beatname_lc}-{stack-version} -d@{beatname_lc}.template.json
+----
+endif::linux_os[]
+
 ifdef::win_os[]
 ifndef::win_only[]
 *win:*
diff --git a/metricbeat/docs/gettingstarted.asciidoc b/metricbeat/docs/gettingstarted.asciidoc
index 1bb8036309fa..75065798e8e9 100644
--- a/metricbeat/docs/gettingstarted.asciidoc
+++ b/metricbeat/docs/gettingstarted.asciidoc
@@ -84,6 +84,25 @@ tar xzvf {beatname_lc}-{version}-darwin-x86_64.tar.gz
 endif::[]
+[[linux]]
+*linux:*
+
+ifeval::["{release-state}"=="unreleased"]
+
+Version {stack-version} of {beatname_uc} has not yet been released.
+
+endif::[]
+
+ifeval::["{release-state}"!="unreleased"]
+
+["source","sh",subs="attributes"]
+------------------------------------------------
+curl -L -O https://artifacts.elastic.co/downloads/beats/{beatname_lc}/{beatname_lc}-{version}-linux-x86_64.tar.gz
+tar xzvf {beatname_lc}-{version}-linux-x86_64.tar.gz
+------------------------------------------------
+
+endif::[]
+
 [[docker]]
 *docker:*
@@ -178,7 +197,7 @@ The following examples enable the `apache` and `mysql` configs in the
 {beatname_lc} modules enable apache mysql
 ----
 +
-*mac:*
+*mac and linux:*
 +
 ["source","sh",subs="attributes"]
 ----
@@ -243,13 +262,13 @@ sudo service {beatname_lc} start
 See <>.
-*mac:*
+*mac and linux:*
 ["source","sh",subs="attributes,callouts"]
 ----------------------------------------------------------------------
 sudo chown root {beatname_lc}.yml <1>
 sudo chown root modules.d/system.yml <1>
-sudo ./{beatname_lc} -e -c {beatname_lc}.yml -d "publish"
+sudo ./{beatname_lc} -e
 ----------------------------------------------------------------------
 <1> You'll be running {beatname_uc} as root, so you need to change ownership of the configuration file and any configurations enabled in the `modules.d` directory,
diff --git a/metricbeat/docs/index.asciidoc b/metricbeat/docs/index.asciidoc
index 7075cb96d880..bcf379225974 100644
--- a/metricbeat/docs/index.asciidoc
+++ b/metricbeat/docs/index.asciidoc
@@ -15,6 +15,7 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[]
 :deb_os:
 :rpm_os:
 :mac_os:
+:linux_os:
 :docker_platform:
 :win_os:
diff --git a/packetbeat/docs/gettingstarted.asciidoc b/packetbeat/docs/gettingstarted.asciidoc
index d749029d3cc0..60c3b978ce08 100644
--- a/packetbeat/docs/gettingstarted.asciidoc
+++ b/packetbeat/docs/gettingstarted.asciidoc
@@ -96,6 +96,25 @@ tar xzvf packetbeat-{version}-darwin-x86_64.tar.gz
 endif::[]
+[[linux]]
+*linux:*
+
+ifeval::["{release-state}"=="unreleased"]
+
+Version {stack-version} of {beatname_uc} has not yet been released.
+
+endif::[]
+
+ifeval::["{release-state}"!="unreleased"]
+
+["source","sh",subs="attributes,callouts"]
+----------------------------------------------------------------------
+curl -L -O https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-{version}-linux-x86_64.tar.gz
+tar xzvf packetbeat-{version}-linux-x86_64.tar.gz
+----------------------------------------------------------------------
+
+endif::[]
+
 [[win]]
 *win:*
@@ -272,12 +291,12 @@ sudo service {beatname_lc} start
 docker run {dockerimage}
 ----------------------------------------------------------------------
-*mac:*
+*mac and linux:*
 [source,shell]
 ----------------------------------------------------------------------
 sudo chown root packetbeat.yml <1>
-sudo ./packetbeat -e -c packetbeat.yml -d "publish"
+sudo ./packetbeat -e
 ----------------------------------------------------------------------
 <1> You'll be running Packetbeat as root, so you need to change ownership of the configuration file, or run Packetbeat with `--strict.perms=false` specified. See
diff --git a/packetbeat/docs/index.asciidoc b/packetbeat/docs/index.asciidoc
index 920377164a6c..e1fb05c3459c 100644
--- a/packetbeat/docs/index.asciidoc
+++ b/packetbeat/docs/index.asciidoc
@@ -15,6 +15,7 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[]
 :deb_os:
 :rpm_os:
 :mac_os:
+:linux_os:
 :docker_platform:
 :win_os: