diff --git a/filebeat/docs/getting-started.asciidoc b/filebeat/docs/getting-started.asciidoc index bde8566ed34..fce0bb6f1ff 100644 --- a/filebeat/docs/getting-started.asciidoc +++ b/filebeat/docs/getting-started.asciidoc @@ -231,10 +231,7 @@ sudo service {beatname_lc} start *docker:* -["source", "shell", subs="attributes"] ----------------------------------------------------------------------- -docker run {dockerimage} ----------------------------------------------------------------------- +See <>. *mac and linux:* diff --git a/filebeat/docs/modules-getting-started.asciidoc b/filebeat/docs/modules-getting-started.asciidoc index a3733f303d3..4cf4e52208e 100644 --- a/filebeat/docs/modules-getting-started.asciidoc +++ b/filebeat/docs/modules-getting-started.asciidoc @@ -100,7 +100,7 @@ load the ingest pipelines manually. To do this, run the `setup` command with the `--pipelines` option specified. If you used the <> command to enable modules in the `modules.d` directory, also specify the `--modules` flag. For example, the following command -loads the ingest pipelines used by all metricsets enabled in the system, nginx, +loads the ingest pipelines used by all filesets enabled in the system, nginx, and mysql modules: // override modulename attribute so it works with the --modules option @@ -134,5 +134,9 @@ and mysql modules: PS > .{backslash}{beatname_lc}.exe setup --pipelines --modules {modulename} ---- +TIP: If you're loading ingest pipelines manually because you want to send events +to {ls}, also see +{logstash-ref}/filebeat-modules.html[Working with {beatname_uc} modules]. + :has_module_steps!: :modulename!: diff --git a/journalbeat/docs/general-options.asciidoc b/journalbeat/docs/general-options.asciidoc index 5b80774711f..12dfc390b31 100644 --- a/journalbeat/docs/general-options.asciidoc +++ b/journalbeat/docs/general-options.asciidoc 
@@ -29,26 +29,28 @@ data path. See the <> section for details. The default is `${p ---- [float] -==== `backoff` +==== `backoff` deprecated[5.6.1,Use the option under `paths` instead.] + This option is valid as a global setting under the +{beatname_lc}+ namespace or under `paths`. For a description of this option, see <<{beatname_lc}-backoff,`backoff`>>. [float] -==== `max_backoff` +==== `max_backoff` deprecated[5.6.1,Use the option under `paths` instead.] + This option is valid as a global setting under the +{beatname_lc}+ namespace or under `paths`. For a description of this option, see <<{beatname_lc}-max-backoff,`max_backoff`>>. [float] -==== `seek` +==== `seek` deprecated[5.6.1,Use the option under `paths` instead.] This option is valid as a global setting under the +{beatname_lc}+ namespace or under `paths`. For a description of this option, see <<{beatname_lc}-seek,`seek`>>. [float] -==== `include_matches` +==== `include_matches` deprecated[5.6.1,Use the option under `paths` instead.] This option is valid as a global setting under the +{beatname_lc}+ namespace or under `paths`. For a description of this option, see diff --git a/journalbeat/docs/getting-started.asciidoc b/journalbeat/docs/getting-started.asciidoc index f598948a93e..df2f124555e 100644 --- a/journalbeat/docs/getting-started.asciidoc +++ b/journalbeat/docs/getting-started.asciidoc @@ -6,7 +6,9 @@ include::{libbeat-dir}/docs/shared-getting-started-intro.asciidoc[] * <<{beatname_lc}-installation>> * <<{beatname_lc}-configuration>> * <<{beatname_lc}-template>> +* <> * <<{beatname_lc}-starting>> +* <> * <> [id="{beatname_lc}-installation"] 
@@ -159,8 +161,15 @@ include::{libbeat-dir}/docs/step-look-at-config.asciidoc[] include::{libbeat-dir}/docs/shared-template-load.asciidoc[] +[[load-kibana-dashboards]] +=== Step 4: Set up the Kibana dashboards + +:requires-sudo: yes +include::../../libbeat/docs/dashboards.asciidoc[] +:requires-sudo!: + [id="{beatname_lc}-starting"] -=== Step 4: Start {beatname_uc} +=== Step 5: Start {beatname_uc} Start {beatname_uc} by issuing the appropriate command for your platform. If you are accessing a secured Elasticsearch cluster, make sure you've configured @@ -193,18 +202,27 @@ in the _Beats Platform Reference_. {beatname_uc} is now ready to send journal events to the defined output. [[view-kibana-dashboards]] -=== Step 5: View your data in Kibana +=== Step 6: View the sample Kibana dashboards + +To make it easier for you to visualize your log data, we have created example +{beatname_uc} dashboards. You loaded the dashboards earlier when you ran the +`setup` command. + +include::../../libbeat/docs/opendashboards.asciidoc[] + +The dashboards are provided as examples. We recommend that you +{kibana-ref}/dashboard.html[customize] them to meet your needs. -There are currently no example dashboards available for {beatname_uc}. +[role="screenshot"] +image:./images/journald-log-data.png[Journald data] -To learn how to view and explore your data, see the -_{kibana-ref}/index.html[{kib} User Guide]_. [NOTE] ===== -By default, the Logs UI in {kib} only shows logs from `filebeat-*` -indexes. To show {beatname_uc} indexes, add the following settings to the {kib} -configuration: +You can also use the {infra-guide}/logs-ui-overview.html[Logs UI] in {kib} to +tail logs in real time. By default, however, the Logs UI only shows logs from +`filebeat-*` indexes. To show {beatname_uc} indexes, add the following settings +to the {kib} configuration: [source,yaml] ---- 
diff --git a/journalbeat/docs/images/journald-log-data.png b/journalbeat/docs/images/journald-log-data.png new file mode 100644 index 00000000000..9a746e96837 Binary files /dev/null and b/journalbeat/docs/images/journald-log-data.png differ diff --git a/journalbeat/docs/images/kibana-created-indexes.png b/journalbeat/docs/images/kibana-created-indexes.png index ad9c65ae1c7..0906a90e71c 100644 Binary files a/journalbeat/docs/images/kibana-created-indexes.png and b/journalbeat/docs/images/kibana-created-indexes.png differ diff --git a/journalbeat/docs/images/kibana-navigation-vis.png b/journalbeat/docs/images/kibana-navigation-vis.png index 8f7ce06c5cd..881157e7a1b 100644 Binary files a/journalbeat/docs/images/kibana-navigation-vis.png and b/journalbeat/docs/images/kibana-navigation-vis.png differ diff --git a/journalbeat/docs/index.asciidoc b/journalbeat/docs/index.asciidoc index 48194e4607b..c8967c01664 100644 --- a/journalbeat/docs/index.asciidoc +++ b/journalbeat/docs/index.asciidoc @@ -17,7 +17,6 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :rpm_os: :linux_os: :docker_platform: -:no_dashboards: include::{libbeat-dir}/docs/shared-beats-attributes.asciidoc[] diff --git a/journalbeat/docs/overview.asciidoc b/journalbeat/docs/overview.asciidoc index 815de9bc8a0..96f7098981b 100644 --- a/journalbeat/docs/overview.asciidoc +++ b/journalbeat/docs/overview.asciidoc @@ -13,3 +13,9 @@ https://www.elastic.co/products/elasticsearch[Elasticsearch] or https://www.elastic.co/products/logstash[Logstash]. include::{libbeat-dir}/docs/shared-libbeat-description.asciidoc[] + +[float] +=== Compatibility + +{beatname_uc} requires systemd v233 or later. Versions prior to systemd v233 +have a defect that prevents {beatname_uc} from reading rotated journals. diff --git a/libbeat/docs/loggingconfig.asciidoc b/libbeat/docs/loggingconfig.asciidoc index e0e87f66296..62b0577763e 100644 --- a/libbeat/docs/loggingconfig.asciidoc +++ b/libbeat/docs/loggingconfig.asciidoc 
@@ -19,6 +19,7 @@ ifndef::serverless[] The logging system can write logs to the syslog or rotate log files. If logging is not explicitly configured the file output is used. +ifndef::win_only[] ["source","yaml",subs="attributes"] ---- logging.level: info @@ -29,6 +30,20 @@ logging.files: keepfiles: 7 permissions: 0644 ---- +endif::win_only[] + +ifdef::win_only[] +["source","yaml",subs="attributes"] +---- +logging.level: info +logging.to_files: true +logging.files: + path: C:{backslash}ProgramData{backslash}{beatname_lc}{backslash}Logs + name: {beatname_lc} + keepfiles: 7 + permissions: 0644 +---- +endif::win_only[] TIP: In addition to setting logging options in the config file, you can modify the logging output configuration from the command line. See diff --git a/libbeat/docs/opendashboards.asciidoc b/libbeat/docs/opendashboards.asciidoc index 3dbed60dd04..541a4497c3f 100644 --- a/libbeat/docs/opendashboards.asciidoc +++ b/libbeat/docs/opendashboards.asciidoc @@ -21,11 +21,11 @@ pattern is selected to see {beatname_uc} data. [role="screenshot"] image:./images/kibana-created-indexes.png[Discover tab with index selected] -Go to the *Dashboard* page and select the dashboard that you want to open. - TIP: If you don’t see data in {kib}, try changing the date range to a larger range. By default, {kib} shows the last 15 minutes. +Go to the *Dashboard* page and select the dashboard that you want to open. + [role="screenshot"] image:./images/kibana-navigation-vis.png[Navigation widget in Kibana] diff --git a/libbeat/docs/security/basic-auth.asciidoc b/libbeat/docs/security/basic-auth.asciidoc index 9c6ea0ec436..986b277d630 100644 --- a/libbeat/docs/security/basic-auth.asciidoc +++ b/libbeat/docs/security/basic-auth.asciidoc 
@@ -79,12 +79,12 @@ rollover indices: -- ["source","sh",subs="attributes"] --------------------------------------------------------------- -POST _xpack/security/role/{beatname_lc}_ilm +POST _xpack/security/role/{beat_default_index_prefix}_ilm { "cluster": ["manage_ilm"], "indices": [ { - "names": [ "{beatname_lc}-*","shrink-{beatname_lc}-*"], + "names": [ "{beat_default_index_prefix}-*","shrink-{beat_default_index_prefix}-*"], "privileges": ["write","create_index","manage","manage_ilm"] } ] diff --git a/libbeat/docs/shared-beats-attributes.asciidoc b/libbeat/docs/shared-beats-attributes.asciidoc index 88f1d2d6aba..e52a25e11a7 100644 --- a/libbeat/docs/shared-beats-attributes.asciidoc +++ b/libbeat/docs/shared-beats-attributes.asciidoc @@ -14,7 +14,6 @@ :monitoringdoc: https://www.elastic.co/guide/en/elastic-stack-overview/{doc-branch} :dashboards: https://artifacts.elastic.co/downloads/beats/beats-dashboards/beats-dashboards-{stack-version}.zip :dockerimage: docker.elastic.co/beats/{beatname_lc}:{version} -:dockergithub: https://github.com/elastic/beats-docker/tree/{doc-branch} :dockerconfig: https://raw.githubusercontent.com/elastic/beats/{doc-branch}/deploy/docker/{beatname_lc}.docker.yml :downloads: https://artifacts.elastic.co/downloads/beats :ES-version: {stack-version} diff --git a/libbeat/docs/shared-docker.asciidoc b/libbeat/docs/shared-docker.asciidoc index 43c3dc1d54c..eda2b026e27 100644 --- a/libbeat/docs/shared-docker.asciidoc +++ b/libbeat/docs/shared-docker.asciidoc 
@@ -5,8 +5,7 @@ Docker images for {beatname_uc} are available from the Elastic Docker registry. The base image is https://hub.docker.com/_/centos/[centos:7]. A list of all published Docker images and tags is available at -https://www.docker.elastic.co[www.docker.elastic.co]. The source code is in -{dockergithub}[GitHub]. +https://www.docker.elastic.co[www.docker.elastic.co]. These images are free to use under the Elastic license. They contain open source and free commercial features and access to paid commercial features. diff --git a/libbeat/docs/shared-logstash-config.asciidoc b/libbeat/docs/shared-logstash-config.asciidoc index e849f619504..68d05155c56 100644 --- a/libbeat/docs/shared-logstash-config.asciidoc +++ b/libbeat/docs/shared-logstash-config.asciidoc @@ -22,7 +22,7 @@ the {stack} getting started tutorial. Also see the documentation for the If you want to use {ls} to perform additional processing on the data collected by {beatname_uc}, you need to configure {beatname_uc} to use {ls}. -To do this, you edit the {beatname_uc} configuration file to disable the Elasticsearch +To do this, you edit the {beatname_uc} configuration file to disable the {es} output by commenting it out and enable the {ls} output by uncommenting the logstash section: @@ -36,8 +36,14 @@ output.logstash: The `hosts` option specifies the {ls} server and the port (`5044`) where {ls} is configured to listen for incoming Beats connections. -For this configuration, you must <> -because the options for auto loading the template are only available for the Elasticsearch output. +For this configuration, you must <> +because the options for auto loading the template are only available for the {es} output. + +ifeval::["{beatname_lc}"=="filebeat"] +Want to use <> with {ls}? You need to do +some extra setup. For more information, see +{logstash-ref}/filebeat-modules.html[Working with {beatname_uc} modules]. +endif::[] ifndef::win-only[] ifndef::apm-server[] 
diff --git a/packetbeat/docs/gettingstarted.asciidoc b/packetbeat/docs/gettingstarted.asciidoc index 0f3db33a9b0..4d30833596b 100644 --- a/packetbeat/docs/gettingstarted.asciidoc +++ b/packetbeat/docs/gettingstarted.asciidoc @@ -270,10 +270,7 @@ sudo service {beatname_lc} start *docker:* -["source","sh",subs="attributes"] ----------------------------------------------------------------------- -docker run {dockerimage} ----------------------------------------------------------------------- +See <>. *mac and linux:* diff --git a/winlogbeat/docs/getting-started.asciidoc b/winlogbeat/docs/getting-started.asciidoc index 39dfed2dc4d..62459a1ca4b 100644 --- a/winlogbeat/docs/getting-started.asciidoc +++ b/winlogbeat/docs/getting-started.asciidoc @@ -74,7 +74,7 @@ output.elasticsearch: logging.to_files: true logging.files: - path: C:/ProgramData/winlogbeat/Logs + path: C:\ProgramData\winlogbeat\Logs logging.level: info --------------------------------------------------------------------------------
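Review bot: In libbeat/docs/loggingconfig.asciidoc the new guards test `win_only` (`ifndef::win_only[]` / `ifdef::win_only[]`), while the context lines of libbeat/docs/shared-logstash-config.asciidoc in this same patch test `win-only` with a hyphen. These are two different attribute names, so only one spelling can match what the books actually set; use the same one in both files, otherwise the Windows example is never rendered. The Windows block also keeps `permissions: 0644`, which is a POSIX file mode: confirm the option has an effect on Windows, or drop it from that block so readers do not assume it restricts access to the log directory.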
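Review bot: In libbeat/docs/security/basic-auth.asciidoc the role name and both entries in `"names"` now depend on `{beat_default_index_prefix}`, but no hunk in this patch defines that attribute (the shared-beats-attributes.asciidoc hunk only removes `:dockergithub:`). Please confirm that every book including this file sets it. If it is unset, the rendered request will not show the intended prefix, and a role copied from the page would carry `manage` and `manage_ilm` on index patterns that do not match the Beat's indices. A short sentence next to the example saying that the patterns must match the index names the Beat actually writes to would also help anyone using a custom index setting.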
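Review bot: In journalbeat/docs/general-options.asciidoc the four deprecated headings are not formatted the same way: `backoff` and `max_backoff` end with a trailing ` +` after the `deprecated[...]` macro, while `seek` and `include_matches` do not, so the sections will render differently. The unchanged body text under each heading still says the option "is valid as a global setting under the +{beatname_lc}+ namespace or under `paths`", which reads as an endorsement of the global form right after the deprecation notice; reword it to say the global form is deprecated and the `paths` form is preferred. Please also double-check that `5.6.1` is the release in which these options were deprecated for this Beat.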
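Review bot: In journalbeat/docs/getting-started.asciidoc the two new includes use a relative path (`include::../../libbeat/docs/dashboards.asciidoc[]` and `include::../../libbeat/docs/opendashboards.asciidoc[]`), while every other include in the same hunks goes through `{libbeat-dir}/docs/...`. Use `{libbeat-dir}` here as well so the page keeps building if the book is assembled from a different working directory. The new Step 6 text says "You loaded the dashboards earlier when you ran the `setup` command", which is only true for readers who did not skip the new Step 4; a link back to `load-kibana-dashboards` would cover that case.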
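Review bot: The libbeat/docs/shared-beats-attributes.asciidoc hunk deletes `:dockergithub:`, and this patch removes only one use of it, in libbeat/docs/shared-docker.asciidoc. Please search the remaining docs for `{dockergithub}` before merging, since any leftover reference will no longer resolve to a link. With the source link gone from shared-docker.asciidoc, the page no longer tells readers where the image definition can be inspected; if the images are now built from another location, point to it there instead of dropping the reference entirely.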
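Review bot: In winlogbeat/docs/getting-started.asciidoc the new `path: C:\ProgramData\winlogbeat\Logs` line writes literal backslashes and a hard-coded Beat name, while the Windows block added to libbeat/docs/loggingconfig.asciidoc in this patch spells the same path with `{backslash}` and `{beatname_lc}`. Pick one convention for both examples. The unquoted form is read literally by YAML, but a reader who wraps the value in double quotes will hit backslash escape handling, so a brief remark to leave the path unquoted or to use single quotes would prevent a config that fails to load and a Beat that runs without file logging.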