Redis
Ship Redis Application logs to Logstash
Step 1 - Install Filebeat
deb (Debian/Ubuntu/Mint)
sudo apt-get install apt-transport-https
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo 'deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main' | sudo tee /etc/apt/sources.list.d/beats.list
sudo apt-get update && sudo apt-get install filebeat-oss
rpm (CentOS/RHEL/Fedora)
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
echo "[elastic-6.x]
name=Elastic repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md" | sudo tee /etc/yum.repos.d/elastic-beats.repo
sudo yum install filebeat-oss
Step 2 - Locate Configuration File
deb/rpm /etc/filebeat/filebeat.yml
Step 3 - Enable the Redis Module
There are several built in filebeat modules you can use. You will need to enable the redis module. deb/rpm
sudo filebeat modules list
sudo filebeat modules enable redis
Additional module configuration can be done using the per module config files located in the modules.d folder, most commonly this would be to read logs from a non-default location
deb/rpm /etc/filebeat/modules.d/
mac/win <EXTRACTED_ARCHIVE>/modules.d/
Step 4 - Configure Output
We'll be shipping to Logstash so that we have the option to run filters before the data is indexed. Comment out the elasticsearch output block.
## Comment out elasticsearch output
#output.elasticsearch:
# hosts: ["localhost:9200"]
Uncomment and change the logstash output to match below.
output.logstash:
hosts: ["your-logstash-host:your-port"]
loadbalance: true
ssl.enabled: true
Step 5 - Validate Configuration
Let's check the configuration file is syntactically correct.
deb/rpm
sudo filebeat -e -c /etc/filebeat/filebeat.yml
Step 6 - Start Filebeat
Ok, time to start ingesting data!
deb/rpm
sudo systemctl enable filebeat
sudo systemctl start filebeat
Expand View
