Start your 14-day free trial today & Get 20% Off All Annual Managed ELK Plans

No Credit Card Required

Try Logit.io Free

Already have an account? Sign In

backBack to Search
Send data via RabbitMQ to your Logstash instance provided by Logit.io

Logstash Rabbitmq App Configuration

Ship RabbitMQ application logs to logstash

Step 1 - Install FilebeatCopy

deb (Debian/Ubuntu/Mint)

curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-7.8.1-amd64.deb
sudo dpkg -i filebeat-oss-7.8.1-amd64.deb

rpm (CentOS/RHEL/Fedora)

curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-7.8.1-x86_64.rpm
sudo rpm -vi filebeat-oss-7.8.1-x86_64.rpm

macOS

curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-7.8.1-darwin-x86_64.tar.gz
tar xzvf filebeat-oss-7.8.1-darwin-x86_64.tar.gz

Windows

  • Download the filebeat Windows zip file from the official downloads page.
  • Extract the contents of the zip file into C:\Program Files.
  • Rename the filebeat-<version>-windows directory to filebeat.
  • Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator). If you are running Windows XP, you may need to download and install PowerShell.
  • Run the following commands to install filebeat as a Windows service:
cd 'C:\Program Files\filebeat'
.\install-service-filebeat.ps1
If script execution is disabled on your system, you need to set the execution policy for the current session to allow the script to run. For example: PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-filebeat.ps1.
My OS isn't here! Don't see your system? Check out the official downloads page for more options (including 32-bit versions).

Step 2 - Locate Configuration FileCopy

deb/rpm /etc/filebeat/filebeat.yml

Step 3 - Add RabbitMQ Log LocationCopy

Filebeat does not currently have a module to process the rabbitmq application logs.

Therefore we need to add the rabbitmq application log location to the filebeat inputs. Since rabbitmq uses a multi-line log format we will need to configure a seperate log section to handle it.

Add the following to the end of the log input example, before the filebeat.config.modules section.

- type: log
  enabled: true
  paths:
    - /var/log/rabbitmq/*.log
  fields:
    type: rabbitmq
  multiline.pattern: ^\=
  multiline.match: before

Step 4 - Configure outputCopy

We'll be shipping to Logstash so that we have the option to run filters before the data is indexed.
Comment out the elasticsearch output block.

## Comment out elasticsearch output
#output.elasticsearch:
#  hosts: ["localhost:9200"]

Uncomment and change the logstash output to match below.

output.logstash:
    hosts: ["your-logstash-host:your-ssl-port"]
    loadbalance: true
    ssl.enabled: true

Step 5 - Validate configurationCopy

Let's check the configuration file is syntactically correct by running filebeat directly inside the terminal. If the file is invalid, filebeat will print an error loading config file error message with details on how to correct the problem.

deb/rpm

sudo filebeat -e -c /etc/filebeat/filebeat.yml

macOS

cd <EXTRACTED_ARCHIVE>
./filebeat -e -c filebeat.yml

Windows

cd <EXTRACTED_ARCHIVE>
.\filebeat.exe -e -c filebeat.yml

Step 6 - Start FilebeatCopy

Ok, time to start ingesting data!

deb/rpm

sudo systemctl enable filebeat
sudo systemctl start filebeat
Toggle View

Expand View

Return to Search