Define the elastic repository version that will determine the version of filebeat:
elastic_major_version: "7.x"
Define the list of logstash endpoint where to send the logs: Define the output for the logs, it can be either elasticsearch or logstash:
filebeat_output_elasticsearch_hosts:
- host1
- host2
or
filebeat_output_logstash_hosts:
- host1
- host2
If you use elasticsearch, the connection will use https and use the login/password of the server to authenticate itself. You can change the protocol to http with:
filebeat_output_elasticsearch_protocol: "http"
You can disable this filebeat role by setting this variable :
filebeat_install: false
By default, filebeat will send the system logs to the index logs-infra-system and the other logs to logs-{{ cosium_project }}-{{ cosium_group }}.
Sometime, you want to send all logs (even for the system), to the logs-{{ cosium_project }}-{{ cosium_group }} index.
If this is the case, you need to set this variable to false:
filebeat_separate_system_logs: false
You can define the loglevel of filebeat, the default is warning, possible values are error, warning, info, debug:
filebeat_logging_level: "warning"
The system module is always enabled.
This role will automatically detect the installation of the following software and enable the correct modules:
You can add more module by creating this list:
filebeat_modules_list:
- system
You can see the list of modules with filebeat modules list.
You can perform an update of filebeat by adding: --extra-vars '{ "filebeat_update" : true }'