Output configuration 

This section is used to configure outputs where events need to be shipped. Events can be sent to single or multiple outputs simultaneously. The allowed outputs are Elasticsearch, Logstash, Kafka, Redis, file, and console.

Some outputs that can be configured are as follows:

  • elasticsearch: It is used to send the events directly to Elasticsearch. 

A sample Elasticsearch output configuration is as follows:

output.elasticsearch:
  enabled: true
  hosts: ["localhost:9200"]

By using the enabled setting, you can enable or disable the output. hosts accepts one or more Elasticsearch nodes/servers. Multiple hosts can be defined for failover purposes. When multiple hosts are configured, the events are distributed to these nodes in round-robin order. If Elasticsearch is secured, the credentials can be passed using the username and password settings:

output.elasticsearch:
  enabled: true
  hosts: ["localhost:9200"]
  username: "elasticuser"
  password: "password"

To ship an event to an Elasticsearch ingest node pipeline so that it can be preprocessed before it is stored in Elasticsearch, provide the pipeline name using the pipeline setting:

output.elasticsearch:
  enabled: true
  hosts: ["localhost:9200"]
  pipeline: "apache_log_pipeline"
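
The credentials sample above keeps the password as a literal in the configuration file and, because the host entry has no scheme, connects over plain HTTP. The following variant is an added example, not part of the original text: it reads the credentials from variables and connects over verified TLS. The hostnames, the CA path, and the variable names ES_USER and ES_PWD are assumptions made for illustration.

```yaml
# Added example: Elasticsearch output without an inline secret.
# Hostnames, CA path and variable names are constructed placeholders.
output.elasticsearch:
  enabled: true

  # An explicit https:// scheme makes the Beat negotiate TLS; a bare
  # "host:port" entry falls back to the default protocol, which is http.
  hosts:
    - "https://es01.example.internal:9200"
    - "https://es02.example.internal:9200"

  # ${...} references are resolved when the configuration is loaded,
  # from the Beat's keystore or from the process environment, so the
  # secret never sits in the YAML file or in version control.
  username: "${ES_USER}"
  password: "${ES_PWD}"

  # Trust only the CA that issued the cluster certificates and require
  # the certificate to match the hostname being contacted.
  ssl.certificate_authorities: ["/etc/pki/beats/elastic-ca.pem"]
  ssl.verification_mode: "full"

  # Same ingest pipeline as in the sample above.
  pipeline: "apache_log_pipeline"
```

The account behind ES_USER only needs the privileges required to write to the target indices, so a leaked Beat configuration or keystore does not expose an administrative login.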

  • logstash: This is used to send events to Logstash.
To use Logstash as output, Logstash needs to be configured with the Beats input plugin to receive incoming Beats events.

A sample Logstash output configuration is as follows:

output.logstash:
  enabled: true
  hosts: ["localhost:5044"]

By using the enabled setting, you can enable or disable the output. hosts accepts one or more Logstash servers. Multiple hosts can be defined for failover purposes. If the configured host is unresponsive, then the event will be sent to one of the other configured hosts. When multiple hosts are configured, the events are distributed in a random order. To enable load balancing of events across the Logstash hosts, use the loadbalance flag, set to true:

output.logstash:
  hosts: ["localhost:5045", "localhost:5046"]
  loadbalance: true

  • console: This is used to send the events to stdout. The events are written in JSON format. It is useful during debugging or testing.

A sample console configuration is as follows:

output.console:
  enabled: true
  pretty: true