Start your 14-day free trial today

No Credit Card Required

Try Logit.io Free

Already have an account? Sign In

backBack To Search
Send data via RabbitMQ to your Logstash instance provided by Logit.io

Logstash Rabbitmq App Configuration

Ship RabbitMQ application logs to logstash

Step 1 - Install FilebeatCopy

To get started first follow the steps below:

  • Install
  • Root access
  • Verify the required port is open

Older versions can be found here 7, 6, 5

Step 2 - Locate Configuration FileCopy

deb/rpm /etc/filebeat/filebeat.yml

Step 3 - Add RabbitMQ Log LocationCopy

Filebeat does not currently have a module to process the rabbitmq application logs.

Therefore we need to add the rabbitmq application log location to the filebeat inputs. Since rabbitmq uses a multi-line log format we will need to configure a seperate log section to handle it.

Add the following to the end of the log input example, before the filebeat.config.modules section.

- type: log
  enabled: true
  paths:
    - /var/log/rabbitmq/*.log
  fields:
    type: rabbitmq
  multiline.pattern: ^\=
  multiline.match: before

If you’re running Filebeat 8.1+ filebeat.inputs needs to be filestream instead of logs:

filebeat.inputs:

- type: filestream
  enabled: true
  paths:
    - /var/log/rabbitmq/*.log
  fields:
    type: rabbitmq
  multiline.pattern: ^\=
  multiline.match: before

Step 4 - Configure outputCopy

We'll be shipping to Logstash so that we have the option to run filters before the data is indexed.
Comment out the elasticsearch output block.

## Comment out elasticsearch output
#output.elasticsearch:
#  hosts: ["localhost:9200"]
No input available! Your stack is missing the required input for this data source Talk to support to add the input

Step 5 - Validate configurationCopy

If you have issues starting in the next step, you can use these commands below to troubleshoot.

Let's check the configuration file is syntactically correct by running directly inside the terminal. If the file is invalid, will print an error loading config file error message with details on how to correct the problem.

deb/rpm

sudo  -e -c /etc//.yml

macOS

cd <EXTRACTED_ARCHIVE>
sudo ./ -e -c .yml

Windows

cd <EXTRACTED_ARCHIVE>
.\.exe -e -c .yml

Step 6 - Start filebeatCopy

Start or restart to apply the configuration changes.

Step 7 - Check Logit.io for your logsCopy

Now you should view your logs:

Launch Dashboard

If you don't see logs take a look at How to diagnose no data in Stack below for how to diagnose common issues.

Step 8 - how to diagnose no data in StackCopy

If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.

Toggle View

Compact View

Return to Search

© 2023 Logit.io Ltd, All rights reserved.