diff --git a/docs/config-options.asciidoc b/docs/config-options.asciidoc
index 722d9b9534a..4cfdb7d9e09 100644
--- a/docs/config-options.asciidoc
+++ b/docs/config-options.asciidoc
@@ -5,38 +5,35 @@
Configure inputs
++++
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
By default, {beatname_uc} reads log events from the default systemd journals. To
specify other journal files, set the <<{beatname_lc}-paths,`paths`>> option in
-the +{beatname_lc}.inputs+ section of the +{beatname_lc}.yml+ file.
-
-The list of paths is a YAML array, so each path begins with a dash (-). Each
-path can be a directory path (to collect events from all journals in a
-directory), or a file path. For example:
+the +{beatname_lc}.inputs+ section of the +{beatname_lc}.yml+ file. Each path
+can be a directory path (to collect events from all journals in a directory), or
+a file path. For example:
["source","sh",subs="attributes"]
----
{beatname_lc}.inputs:
- paths:
- "/dev/log"
- - "/var/log/messages/my-journal-file"
+ - "/var/log/messages/my-journal-file.journal"
----
-Within the +{beatname_lc}.inputs+ section, you can also specify options that
-control the position where {beatname_uc} starts reading the journal file, and
-set filters to reduce the fields that {beatname_uc} needs to process. See
-<<{beatname_lc}-options>> for a list of available options.
-
-[float]
-=== Configuration examples
-
-The following example shows how to monitor multiple journals under the
-same directory. {beatname_uc} merges all journals under the directory into a
-single journal and reads them. With `seek` set to `cursor`, {beatname_uc}
-starts reading at the beginning of the journal, but will continue reading where
-it left off after a reload or restart.
-
+Within the configuration file, you can also specify options that control how
+{beatname_uc} reads the journal files and which fields are sent to the
+configured output. See <<{beatname_lc}-options>> for a list of available
+options.
+
+The following examples show how to configure {beatname_uc} for some common use
+cases.
+
+[[monitor-multiple-journals]]
+.Example 1: Monitor multiple journals under the same directory
+This example configures {beatname_uc} to read from multiple journals that are
+stored under the same directory. {beatname_uc} merges all journals under the
+directory into a single event stream and reads the events. With `seek` set to
+`cursor`, {beatname_uc} starts reading at the beginning of the journal, but will
+continue reading at the last known position after a reload or restart.
["source","sh",subs="attributes"]
----
{beatname_lc}.inputs:
@@ -44,31 +41,32 @@ it left off after a reload or restart.
seek: cursor
----
-The following examples show how to get Redis events from a Docker container that
-is tagged as `redis`.
-
-//TODO: Add a better explanation of the options.
-
-This example uses the translated fields by Journald:
-
+[[filter-using-field-names]]
+.Example 2: Fetch log events for Redis running on Docker (uses field names from systemd)
+This example configures {beatname_uc} to fetch log events for Redis running in a
+Docker container. The fields are matched using field names from the systemd
+journal.
["source","sh",subs="attributes"]
----
{beatname_lc}.inputs:
- paths: []
include_matches:
- - "container.image.tag=redis"
- - "process.name=redis"
+ - "CONTAINER_TAG=redis"
+ - "_COMM=redis"
----
-This example uses the field names from the systemd journal:
-
+[[filter-using-translated-names]]
+.Example 3: Fetch log events for Redis running on Docker (uses translated field names)
+This example also configures {beatname_uc} to fetch log events for Redis running
+in a Docker container. However, in this example the fields are matched using the
+<> provided by {beatname_uc}.
["source","sh",subs="attributes"]
----
{beatname_lc}.inputs:
- paths: []
include_matches:
- - "CONTAINER_TAG=redis"
- - "_COMM=redis"
+ - "container.image.tag=redis"
+ - "process.name=redis"
----
[id="{beatname_lc}-options"]
@@ -86,7 +84,21 @@ path (to collect events from all journals in a directory), or a file path. If
you specify a directory, {beatname_uc} merges all journals under the directory
into a single journal and reads them.
-//QUESTION: Are globs supported? If so, I need to add more detail here.
+If no paths are specified, {beatname_uc} reads from the default journal.
+
+[float]
+[id="{beatname_lc}-backoff"]
+==== `backoff`
+
+The number of seconds to wait before trying to read again from journals. The
+default is 1s.
+
+[float]
+[id="{beatname_lc}-max-backoff"]
+==== `max_backoff`
+
+The maximum number of seconds to wait before attempting to read again from
+journals. The default is 60s.
[float]
[id="{beatname_lc}-seek"]
@@ -94,9 +106,112 @@ into a single journal and reads them.
The position to start reading the journal from. Valid settings are:
-* `head`: Starts reading at the beginning of the file.
-* `tail`: Starts reading at the end of the file.
-* `cursor`: Initially starts reading at the beginning of the file, but continues
-reading where it left off after a reload or restart.
+* `head`: Starts reading at the beginning of the journal. After a restart,
+{beatname_uc} resends all log messages in the journal.
+* `tail`: Starts reading at the end of the journal. After a restart,
+{beatname_uc} resends the last message, which might result in duplicates. If
+multiple log messages are written to a journal while {beatname_uc} is down,
+only the last log message is sent on restart.
+* `cursor`: On first read, starts reading at the beginning of the journal. After a
+reload or restart, continues reading at the last known position.
+
+When specified under `paths`, the `seek` setting applies to all journals under
+the configured paths. When specified directly under the +{beatname_lc}+
+namespace, the setting applies to all journals read by {beatname_uc}.
-//TODO: ADD OTHER OPTIONS HERE.
\ No newline at end of file
+If you have old log files and want to skip lines, start {beatname_uc} with
+`seek: tail` specified. Then stop {beatname_uc}, set `seek: cursor`, and restart
+{beatname_uc}.
+
+[float]
+[id="{beatname_lc}-include-matches"]
+==== `include_matches`
+
+A list of filter expressions used to match fields. The format of the expression
+is `field=value`. {beatname_uc} fetches all events that exactly match the
+expressions. Pattern matching is not supported.
+
+To reference fields, use one of the following:
+
+* The field name used by the systemd journal. For example,
+`CONTAINER_TAG=redis` (<>).
+* The <> used by
+{beatname_uc}. For example, `container.image.tag=redis`
+(<>). {beatname_uc}
+does not translate all fields from the journal. For custom fields, use the name
+specified in the systemd journal.
+
+When specified under `paths`, the `include_matches` filter is applied to all
+journals under the configured paths. When specified directly under the
++{beatname_lc}+ namespace, the setting applies to all journals read by
+{beatname_uc}.
+
+[float]
+[[translated-fields]]
+=== Translated field names
+
+You can use the following translated names in filter expressions to reference
+journald fields:
+
+[horizontal]
+*Journald field name*:: *Translated name*
+`COREDUMP_UNIT`:: `journald.coredump.unit`
+`COREDUMP_USER_UNIT`:: `journald.coredump.user_unit`
+`OBJECT_AUDIT_LOGINUID`:: `journald.object.audit.login_uid`
+`OBJECT_AUDIT_SESSION`:: `journald.object.audit.session`
+`OBJECT_CMDLINE`:: `journald.object.cmd`
+`OBJECT_COMM`:: `journald.object.name`
+`OBJECT_EXE`:: `journald.object.executable`
+`OBJECT_GID`:: `journald.object.gid`
+`OBJECT_PID`:: `journald.object.pid`
+`OBJECT_SYSTEMD_OWNER_UID`:: `journald.object.systemd.owner_uid`
+`OBJECT_SYSTEMD_SESSION`:: `journald.object.systemd.session`
+`OBJECT_SYSTEMD_UNIT`:: `journald.object.systemd.unit`
+`OBJECT_SYSTEMD_USER_UNIT`:: `journald.object.systemd.user_unit`
+`OBJECT_UID`:: `journald.object.uid`
+`_AUDIT_LOGINUID`:: `process.audit.login_uid`
+`_AUDIT_SESSION`:: `process.audit.session`
+`_BOOT_ID`:: `host.boot_id`
+`_CAP_EFFECTIVE`:: `process.capabilites`
+`_CMDLINE`:: `process.cmd`
+`_CODE_FILE`:: `journald.code.file`
+`_CODE_FUNC`:: `journald.code.func`
+`_CODE_LINE`:: `journald.code.line`
+`_COMM`:: `process.name`
+`_EXE`:: `process.executable`
+`_GID`:: `process.uid`
+`_HOSTNAME`:: `host.name`
+`_KERNEL_DEVICE`:: `journald.kernel.device`
+`_KERNEL_SUBSYSTEM`:: `journald.kernel.subsystem`
+`_MACHINE_ID`:: `host.id`
+`_MESSAGE`:: `message`
+`_PID`:: `process.pid`
+`_PRIORITY`:: `syslog.priority`
+`_SYSLOG_FACILITY`:: `syslog.facility`
+`_SYSLOG_IDENTIFIER`:: `syslog.identifier`
+`_SYSLOG_PID`:: `syslog.pid`
+`_SYSTEMD_CGROUP`:: `systemd.cgroup`
+`_SYSTEMD_INVOCATION_ID`:: `systemd.invocation_id`
+`_SYSTEMD_OWNER_UID`:: `systemd.owner_uid`
+`_SYSTEMD_SESSION`:: `systemd.session`
+`_SYSTEMD_SLICE`:: `systemd.slice`
+`_SYSTEMD_UNIT`:: `systemd.unit`
+`_SYSTEMD_USER_SLICE`:: `systemd.user_slice`
+`_SYSTEMD_USER_UNIT`:: `systemd.user_unit`
+`_TRANSPORT`:: `systemd.transport`
+`_UDEV_DEVLINK`:: `journald.kernel.device_symlinks`
+`_UDEV_DEVNODE`:: `journald.kernel.device_node_path`
+`_UDEV_SYSNAME`:: `journald.kernel.device_name`
+`_UID`:: `process.uid`
+
+
+The following translated fields for
+https://docs.docker.com/config/containers/logging/journald/[Docker] are also
+available:
+
+[horizontal]
+`CONTAINER_ID`:: `conatiner.id_truncated`
+`CONTAINER_ID_FULL`:: `container.id`
+`CONTAINER_NAME`:: `container.name`
+`CONTAINER_PARTIAL_MESSAGE`:: `container.partial`
+`CONTAINER_TAG`:: `container.image.tag`
diff --git a/docs/configuring-howto.asciidoc b/docs/configuring-howto.asciidoc
index 95d56d427f2..c23d40d50e2 100644
--- a/docs/configuring-howto.asciidoc
+++ b/docs/configuring-howto.asciidoc
@@ -4,21 +4,11 @@
[partintro]
--
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
Before modifying configuration settings, make sure you've completed the
<<{beatname_lc}-configuration,configuration steps>> in the Getting Started.
This section describes some common use cases for changing configuration options.
-To configure {beatname_uc}, you edit the configuration file. For rpm and deb,
-you’ll find the configuration file at +/etc/{beatname_lc}/{beatname_lc}.yml+.
-There's also a full example configuration file at
-+/etc/{beatname_lc}/{beatname_lc}.reference.yml+ that shows all non-deprecated
-options. For mac and win, look in the archive that you extracted.
-
-The {beatname_uc} configuration file uses http://yaml.org/[YAML] for its syntax.
-See the {libbeat}/config-file-format.html[Config File Format] section of the
-_{libbeat_docs}_ for more about the structure of the config file.
+include::../../libbeat/docs/shared-configuring.asciidoc[]
The following topics describe how to configure {beatname_uc}:
@@ -31,15 +21,13 @@ The following topics describe how to configure {beatname_uc}:
* <>
* <>
* <>
-* <>
* <>
* <>
* <>
-//* <>
* <>
* <>
* <>
-//* <<{beatname_lc}-reference-yml>>
+* <<{beatname_lc}-reference-yml>>
--
@@ -47,9 +35,7 @@ include::./config-options.asciidoc[]
include::./general-options.asciidoc[]
-:allplatforms:
include::../../libbeat/docs/queueconfig.asciidoc[]
-:allplatforms!:
include::../../libbeat/docs/outputconfig.asciidoc[]
@@ -71,20 +57,12 @@ include::../../libbeat/docs/loggingconfig.asciidoc[]
include::../../libbeat/docs/shared-env-vars.asciidoc[]
:standalone!:
-//OPEN ISSUE: DO WE NEED AUTODISCOVER?
-//include::../../libbeat/docs/shared-autodiscover.asciidoc[]
-
:standalone:
-:allplatforms:
include::../../libbeat/docs/yaml.asciidoc[]
:standalone!:
-:allplatforms!:
include::../../libbeat/docs/regexp.asciidoc[]
include::../../libbeat/docs/http-endpoint.asciidoc[]
-// TODO: Uncomment the following include statement when the reference yaml file
-// is available in the repo. Also uncomment the link in the jump list at the top
-// of this file.
-//include::../../libbeat/docs/reference-yml.asciidoc[]
+include::../../libbeat/docs/reference-yml.asciidoc[]
diff --git a/docs/faq.asciidoc b/docs/faq.asciidoc
index 6d5b4ed296e..9e0d0a0c158 100644
--- a/docs/faq.asciidoc
+++ b/docs/faq.asciidoc
@@ -1,24 +1,10 @@
[[faq]]
== Frequently asked questions
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
This section contains frequently asked questions about {beatname_uc}. Also check
out the https://discuss.elastic.co/c/beats/{beatname_lc}[{beatname_uc}
discussion forum].
-[float]
-[id="{beatname_lc}-sometext"]
-=== Question 1?
-
-ADD DESCRIPTION HERE
-
-[float]
-[id="{beatname_lc}-sometext2"]
-=== Question 2?
-
-ADD DESCRIPTION HERE
-
include::../../libbeat/docs/faq-limit-bandwidth.asciidoc[]
include::../../libbeat/docs/shared-faq.asciidoc[]
diff --git a/docs/filtering.asciidoc b/docs/filtering.asciidoc
index e75b4e73bd7..c9182ebe46d 100644
--- a/docs/filtering.asciidoc
+++ b/docs/filtering.asciidoc
@@ -1,20 +1,15 @@
[[filtering-and-enhancing-data]]
== Filter and enhance the exported data
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
Your use case might require only a subset of the data exported by {beatname_uc},
or you might need to enhance the exported data (for example, by adding
metadata). {beatname_uc} provides a couple of options for filtering and
enhancing exported data.
-You can configure each input to include or exclude specific lines or files. This
-allows you to specify different filtering criteria for each input. To do this,
-you use the `include_lines`, `exclude_lines`, and `exclude_files` options under
-the +{beatname_lc}.inputs+ section of the config file (see
-<>). The disadvantage of this approach is
-that you need to implement a configuration option for each filtering criteria
-that you need.
+You can configure {beatname_uc} to include events that match specific filtering
+criteria. To do this, use the <<{beatname_lc}-include-matches,`include_matches`>>
+option. The advantage of this approach is that you can reduce the number of
+fields that {beatname_uc} needs to process.
Another approach (the one described here) is to define processors to configure
global processing across all data exported by {beatname_uc}.
@@ -26,12 +21,6 @@ global processing across all data exported by {beatname_uc}.
include::../../libbeat/docs/processors.asciidoc[]
-[float]
-[[specific-example]]
-==== XYZ example
-
-ADD EXAMPLES SPECIFIC TO THE BEAT, OR DELETE THIS SECTION
-
// You must set the processor-scope attribute to resolve the attribute reference
// defined in processors-using.asciidoc. The attribute is used to indicate where
// processors are valid. If processors are valid in more than two locations
diff --git a/docs/general-options.asciidoc b/docs/general-options.asciidoc
index 97367b71aac..71ab82fc54c 100644
--- a/docs/general-options.asciidoc
+++ b/docs/general-options.asciidoc
@@ -1,10 +1,58 @@
[[configuration-general-options]]
== Specify general settings
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
You can specify settings in the +{beatname_lc}.yml+ config file to control the
-general behavior of {beatname_uc}.
+general behavior of {beatname_uc}. This includes:
+
+* <> that control things like
+publisher behavior and the location of some files.
+
+* <> that are supported by all Elastic
+Beats.
+
+[float]
+[[configuration-global-options]]
+=== Global {beatname_uc} configuration options
+
+These options are in the +{beatname_lc}+ namespace.
+
+[float]
+[id="{beatname_lc}-registry-file"]
+==== `registry_file`
+
+The name of the registry file. If a relative path is used, it is considered relative to the
+data path. See the <> section for details. The default is `${path.data}/registry`.
+
+["source","sh",subs="attributes"]
+----
+{beatname_lc}.registry_file: registry
+----
+
+[float]
+==== `backoff`
+This option is valid as a global setting under the +{beatname_lc}+ namespace
+or under `paths`. For a description of this option, see
+<<{beatname_lc}-backoff,`backoff`>>.
+
+[float]
+==== `max_backoff`
+This option is valid as a global setting under the +{beatname_lc}+ namespace
+or under `paths`. For a description of this option, see
+<<{beatname_lc}-max-backoff,`max_backoff`>>.
+
+[float]
+==== `seek`
+
+This option is valid as a global setting under the +{beatname_lc}+ namespace
+or under `paths`. For a description of this option, see
+<<{beatname_lc}-seek,`seek`>>.
+
+[float]
+==== `include_matches`
+
+This option is valid as a global setting under the +{beatname_lc}+ namespace
+or under `paths`. For a description of this option, see
+<<{beatname_lc}-include-matches,`include_matches`>>.
include::../../libbeat/docs/generalconfig.asciidoc[]
diff --git a/docs/getting-started.asciidoc b/docs/getting-started.asciidoc
index 6fffeff4b5e..37b835b96d0 100644
--- a/docs/getting-started.asciidoc
+++ b/docs/getting-started.asciidoc
@@ -1,24 +1,17 @@
[id="{beatname_lc}-getting-started"]
-== Getting Started With {beatname_uc}
-
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
+== Getting started with {beatname_uc}
include::../../libbeat/docs/shared-getting-started-intro.asciidoc[]
* <<{beatname_lc}-installation>>
* <<{beatname_lc}-configuration>>
* <<{beatname_lc}-template>>
-* <>
* <<{beatname_lc}-starting>>
-* <>
* <>
[id="{beatname_lc}-installation"]
=== Step 1: Install {beatname_uc}
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
-:no-docker:
include::../../libbeat/docs/shared-download-and-install.asciidoc[]
[[deb]]
@@ -59,8 +52,8 @@ sudo rpm -vi {beatname_lc}-{version}-x86_64.rpm
endif::[]
-[[mac]]
-*mac:*
+[[linux]]
+*linux:*
ifeval::["{release-state}"=="unreleased"]
@@ -72,51 +65,19 @@ ifeval::["{release-state}"!="unreleased"]
["source","sh",subs="attributes"]
------------------------------------------------
-curl -L -O https://artifacts.elastic.co/downloads/beats/{beatname_lc}/{beatname_lc}-{version}-darwin-x86_64.tar.gz
-tar xzvf {beatname_lc}-{version}-darwin-x86_64.tar.gz
+curl -L -O https://artifacts.elastic.co/downloads/beats/{beatname_lc}/{beatname_lc}-{version}-linux-x86_64.tar.gz
+tar xzvf {beatname_lc}-{version}-linux-x86_64.tar.gz
------------------------------------------------
endif::[]
-[[win]]
-*win:*
-
-ifeval::["{release-state}"=="unreleased"]
-
-Version {version} of {beatname_uc} has not yet been released.
-
-endif::[]
-
-ifeval::["{release-state}"!="unreleased"]
-
-. Download the {beatname_uc} Windows zip file from the
-https://www.elastic.co/downloads/beats/{beatname_lc}[downloads page].
-
-. Extract the contents of the zip file into `C:\Program Files`.
-
-. Rename the +{beatname_lc}--windows+ directory to +{beatname_uc}+.
-
-. Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select *Run As Administrator*).
-
-. From the PowerShell prompt, run the following commands to install {beatname_uc} as a
-Windows service:
-+
-["source","sh",subs="attributes"]
-----------------------------------------------------------------------
-PS > cd 'C:{backslash}Program Files{backslash}{beatname_uc}'
-PS C:{backslash}Program Files{backslash}{beatname_uc}> .{backslash}install-service-{beatname_lc}.ps1
-----------------------------------------------------------------------
-
-NOTE: If script execution is disabled on your system, you need to set the execution policy for the current session to allow the script to run. For example: +PowerShell.exe -ExecutionPolicy UnRestricted -File .\install-service-{beatname_lc}.ps1+.
-
-endif::[]
-
[id="{beatname_lc}-configuration"]
=== Step 2: Configure {beatname_uc}
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
+Before running {beatname_uc}, you can specify the location of the systemd
+journal files and configure how you want the files to be read. If you accept the
+default configuration, {beatname_uc} reads from the local journal.
-:no-docker:
include::../../libbeat/docs/shared-configuring.asciidoc[]
Here is a sample of the +{beatname_lc}+ section of the +{beatname_lc}.yml+ file.
@@ -126,7 +87,7 @@ Here is a sample of the +{beatname_lc}+ section of the +{beatname_lc}.yml+ file.
----------------------------------------------------------------------
journalbeat.inputs:
- paths: ["/path/to/journal/directory"]
- seek: cursor
+ seek: head
----------------------------------------------------------------------
To configure {beatname_uc}:
@@ -140,20 +101,23 @@ path. For example:
{beatname_lc}.inputs:
- paths:
- "/dev/log"
- - "/var/log/messages/my-journal-file"
+ - "/var/log/messages/my-journal-file.journal"
----
+
If no paths are specified, {beatname_uc} reads from the default journal.
-. Set the `seek` option to control the position where {beatname_uc} starts
-reading the journal. The available options are `head`, `tail`, and `cursor`.
-Typically, you'll set `seek: cursor` so {beatname_uc} can continue reading
-where it left off after a reload or restart.
-
-. Optional: Set the `include_matches` option to filter entries in journald
-before collecting any log events. This reduces the number of fields that the
-Beat needs to process. For example, to fetch only Redis events from a Docker
-container tagged as `redis`, use:
+. Set the <<{beatname_lc}-seek,`seek`>> option to control the position where
+{beatname_uc} starts reading the journal. The available options are `head`,
+`tail`, and `cursor`. The default is `cursor`, which means that on first read,
+{beatname_uc} starts reading at the beginning of the file, but continues reading
+at the last known position after a reload or restart. For more detail about
+the settings, see the reference docs for the
+<<{beatname_lc}-seek,`seek` option>>.
+
+. (Optional) Set the <<{beatname_lc}-include-matches,`include_matches`>> option
+to filter entries in journald before collecting any log events. This reduces the
+number of events that {beatname_uc} needs to process. For example, to fetch only
+Redis events from a Docker container tagged as `redis`, use:
+
["source","sh",subs="attributes"]
----
@@ -163,8 +127,6 @@ container tagged as `redis`, use:
- "CONTAINER_TAG=redis"
- "_COMM=redis"
----
-+
-See <> for more about this setting.
include::../../libbeat/docs/step-configure-output.asciidoc[]
@@ -180,23 +142,10 @@ include::../../libbeat/docs/step-look-at-config.asciidoc[]
[id="{beatname_lc}-template"]
=== Step 3: Load the index template in Elasticsearch
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
-:allplatforms:
include::../../libbeat/docs/shared-template-load.asciidoc[]
-[[load-kibana-dashboards]]
-=== Step 4: Set up the Kibana dashboards
-
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
-:allplatforms:
-include::../../libbeat/docs/dashboards.asciidoc[]
-
[id="{beatname_lc}-starting"]
-=== Step 5: Start {beatname_uc}
-
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
+=== Step 4: Start {beatname_uc}
Start {beatname_uc} by issuing the appropriate command for your platform. If you
are accessing a secured Elasticsearch cluster, make sure you've configured
@@ -206,26 +155,19 @@ NOTE: If you use an init.d script to start {beatname_uc} on deb or rpm, you can'
specify command line flags (see <>). To specify flags,
start {beatname_uc} in the foreground.
-*deb:*
-
-["source","sh",subs="attributes"]
-----------------------------------------------------------------------
-sudo service {beatname_lc} start
-----------------------------------------------------------------------
-
-*rpm:*
+*deb and rpm:*
["source","sh",subs="attributes"]
----------------------------------------------------------------------
sudo service {beatname_lc} start
----------------------------------------------------------------------
-*mac:*
+*linux:*
["source","sh",subs="attributes"]
----------------------------------------------------------------------
sudo chown root {beatname_lc}.yml <1>
-sudo ./{beatname_lc} -e -c {beatname_lc}.yml -d "publish"
+sudo ./{beatname_lc} -e
----------------------------------------------------------------------
<1> You'll be running {beatname_uc} as root, so you need to change ownership
of the configuration file, or run {beatname_uc} with `--strict.perms=false`
@@ -233,38 +175,28 @@ specified. See
{libbeat}/config-file-permissions.html[Config File Ownership and Permissions]
in the _Beats Platform Reference_.
-*win:*
-
-["source","sh",subs="attributes"]
-----------------------------------------------------------------------
-PS C:{backslash}Program Files{backslash}{beatname_uc}> Start-Service {beatname_lc}
-----------------------------------------------------------------------
-
-
-By default, Windows log files are stored in +C:\ProgramData\{beatname_lc}\Logs+.
-
-{beatname_uc} is now ready to send log files to your defined output.
+{beatname_uc} is now ready to send journal events to the defined output.
[[view-kibana-dashboards]]
-=== Step 6: View the sample Kibana dashboards
-
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
+=== Step 5: View your data in Kibana
-To make it easier for you to explore {beatname_uc} data in Kibana, we've created
-example {beatname_uc} dashboards. You loaded the dashboards earlier when you
-ran the `setup` command.
+There are currently no example dashboards available for {beatname_uc}.
-include::../../libbeat/docs/opendashboards.asciidoc[]
+To learn how to view and explore your data, see the
+_{kibana-ref}/index.html[{kib} User Guide]_.
-You can use these dashboards as examples and
-{kibana-ref}/dashboard.html[customize] them to meet your needs.
+[NOTE]
+=====
+By default, the Logs UI in {kib} only shows logs from `filebeat-*`
+indexes. To show {beatname_uc} indexes, add the following settings to the {kib}
+configuration:
-To populate the example dashboards with data, you need to either
-<> or use Logstash to
-parse the data into the fields expected by the dashboards.
-
-Here is an example of the {beatname_uc} ADD DASHBOARD NAME dashboard:
+[source,yaml]
+----
+xpack.infra:
+ sources:
+ default:
+ logAlias: "filebeat-*,journalbeat-*"
+----
-// Add an example of the dashboard
-//[role="screenshot"]
-//image:./images/add-image-name.png[]
+=====
diff --git a/docs/how-it-works.asciidoc b/docs/how-it-works.asciidoc
deleted file mode 100644
index 375c55507e3..00000000000
--- a/docs/how-it-works.asciidoc
+++ /dev/null
@@ -1,6 +0,0 @@
-[id="how-{beatname_lc}-works"]
-== How {beatname_uc} works
-
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
-DESCRIBE HOW THE BEAT WORKS.
diff --git a/docs/index.asciidoc b/docs/index.asciidoc
index be27ac9a406..2c6febb6417 100644
--- a/docs/index.asciidoc
+++ b/docs/index.asciidoc
@@ -11,8 +11,10 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[]
:github_repo_name: beats
:discuss_forum: beats/{beatname_lc}
:beat_default_index_prefix: {beatname_lc}
-:has_ml_jobs: no
:libbeat-docs: Beats Platform Reference
+:deb_os:
+:rpm_os:
+:no_dashboards:
include::../../libbeat/docs/shared-beats-attributes.asciidoc[]
@@ -26,9 +28,6 @@ include::../../libbeat/docs/repositories.asciidoc[]
include::./setting-up-running.asciidoc[]
-//TODO: Decide whether this requires a separate topic
-//include::./how-it-works.asciidoc[]
-
include::./configuring-howto.asciidoc[]
include::./fields.asciidoc[]
diff --git a/docs/overview.asciidoc b/docs/overview.asciidoc
index 8ed7b455388..d8c018c38a4 100644
--- a/docs/overview.asciidoc
+++ b/docs/overview.asciidoc
@@ -5,8 +5,6 @@
Overview
++++
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
{beatname_uc} is a lightweight shipper for forwarding and centralizing log data
from https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html[systemd journals].
Installed as an agent on your servers, {beatname_uc} monitors the journal
diff --git a/docs/running-on-kubernetes.asciidoc b/docs/running-on-kubernetes.asciidoc
deleted file mode 100644
index 16b53e8e3af..00000000000
--- a/docs/running-on-kubernetes.asciidoc
+++ /dev/null
@@ -1,6 +0,0 @@
-[id="running-{beatname_lc}-on-kubernetes"]
-=== Running {beatname_uc} on Kubernetes
-
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
-ADD CONTENT HERE.
diff --git a/docs/setting-up-running.asciidoc b/docs/setting-up-running.asciidoc
index 8f7ccba3bb8..aeed49f8051 100644
--- a/docs/setting-up-running.asciidoc
+++ b/docs/setting-up-running.asciidoc
@@ -7,8 +7,6 @@
[[setting-up-and-running]]
== Setting up and running {beatname_uc}
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
Before reading this section, see the
<<{beatname_lc}-getting-started,getting started documentation>> for basic
installation instructions to get you started.
@@ -17,15 +15,8 @@ This section includes additional information on how to set up and run
{beatname_uc}, including:
* <>
-
* <>
-
* <>
-
-//* <>
-
-//* <>
-
* <>
@@ -37,8 +28,4 @@ include::../../libbeat/docs/keystore.asciidoc[]
include::../../libbeat/docs/command-reference.asciidoc[]
-//include::./running-on-docker.asciidoc[]
-
-//include::./running-on-kubernetes.asciidoc[]
-
include::../../libbeat/docs/shared-shutdown.asciidoc[]
diff --git a/docs/troubleshooting.asciidoc b/docs/troubleshooting.asciidoc
index fa25622e7f1..3c14416e3dc 100644
--- a/docs/troubleshooting.asciidoc
+++ b/docs/troubleshooting.asciidoc
@@ -4,8 +4,6 @@
[partintro]
--
-IMPORTANT: This documentation is placeholder content. It has not yet been reviewed.
-
If you have issues installing or running {beatname_uc}, read the
following tips: