Elastic
Elastic Cheatsheet
Searching
search custom log file for string that contains "cat"
log.file.path : "/var/log/mylog" and message : *cat*
can also enter "cat" into search bar and press Refresh
query combining a numeric comparison, a list of mount points, and a wildcard hostname exclusion
system.filesystem.used.pct > .9 AND system.filesystem.mount_point : ("/home" OR "/" OR "/var") AND NOT host.hostname: *test* *qbdev*
Filebeat
debug filebeat output
start filebeat agent manually in the foreground (-e logs to stderr, -d "*" enables all debug selectors)
root@host> filebeat -c config.yml -e -d "*"