From 41222dcc9a21235cecc32e4acf1f94158362cb35 Mon Sep 17 00:00:00 2001 From: Karen Metts Date: Wed, 2 Oct 2019 16:15:02 -0400 Subject: [PATCH 1/3] Update config example and bump to v6.0.3 --- CHANGELOG.md | 3 +++ VERSION | 2 +- docs/index.asciidoc | 33 ++++++++++++++++++--------------- 3 files changed, 22 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3d27c964..c2a5543c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +## 6.0.3 + - Updated configuration example in doc [#tbd](https://github.com/logstash-plugins/logstash-input-beats/pull/tbd) + ## 6.0.2 - Improved handling of invalid compressed content [#368](https://github.com/logstash-plugins/logstash-input-beats/pull/368) diff --git a/VERSION b/VERSION index 9b9a2442..090ea9da 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -6.0.2 +6.0.3 diff --git a/docs/index.asciidoc b/docs/index.asciidoc index 5165b0ca..8114c62d 100644 --- a/docs/index.asciidoc +++ b/docs/index.asciidoc @@ -27,8 +27,9 @@ https://www.elastic.co/products/beats[Elastic Beats] framework. The following example shows how to configure Logstash to listen on port 5044 for incoming Beats connections and to index into Elasticsearch. -[source,ruby] ------------------------------------------------------------------------------- +[source,logstash] +----- + input { beats { port => 5044 @@ -37,21 +38,23 @@ input { output { elasticsearch { - hosts => "localhost:9200" - manage_template => false - index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}" <1> - document_type => "%{[@metadata][type]}" <2> + hosts => ["http://localhost:9200"] + index => "%{[@metadata][beat]}-%{[@metadata][version]}" <1> } } ------------------------------------------------------------------------------- -<1> Specifies the index to write events to. See <> for -more about this setting. -<2> Starting with Logstash 6.0, the `document_type` option is -deprecated due to the -https://www.elastic.co/guide/en/elasticsearch/reference/6.0/removal-of-types.html[removal of types in Logstash 6.0]. -It will be removed in the next major version of Logstash. If you are running -Logstash 6.0 or later, do not set `document_type` in your configuration because -Logstash sets the type to `doc` by default. +----- +<1> `%{[@metadata][beat]}` sets the first part of the index name to the value +of the `beat` metadata field and `%{[@metadata][version]}` sets the second part to +the Beat's version. For example: +metricbeat-7.4.0. + +Events indexed into Elasticsearch with the Logstash configuration shown here +will be similar to events directly indexed by beats into Elasticsearch. + +NOTE: If ILM is not being used, set `index` to +`%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}` instead so +Logstash creates an index per day, based on the `@timestamp` value of the events +coming from Beats. IMPORTANT: If you are shipping events that span multiple lines, you need to use the https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html[configuration options available in Filebeat] to handle multiline events From 5564e4f8ba5af37d0c0b74dfdba318b39ce744b0 Mon Sep 17 00:00:00 2001 From: Karen Metts <35154725+karenzone@users.noreply.github.com> Date: Wed, 2 Oct 2019 16:20:04 -0400 Subject: [PATCH 2/3] Added PR number to changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c2a5543c..d4ed4c27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,5 @@ ## 6.0.3 - - Updated configuration example in doc [#tbd](https://github.com/logstash-plugins/logstash-input-beats/pull/tbd) + - Fixed configuration example in doc [#371](https://github.com/logstash-plugins/logstash-input-beats/pull/371) ## 6.0.2 - Improved handling of invalid compressed content [#368](https://github.com/logstash-plugins/logstash-input-beats/pull/368) From ab3119e1677f86ca5bedfd366291ed9ef5b36a2a Mon Sep 17 00:00:00 2001 From: Karen Metts <35154725+karenzone@users.noreply.github.com> Date: Thu, 3 Oct 2019 12:41:29 -0400 Subject: [PATCH 3/3] Update docs/index.asciidoc Co-Authored-By: DeDe Morton --- docs/index.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/index.asciidoc b/docs/index.asciidoc index 8114c62d..bc9c1d35 100644 --- a/docs/index.asciidoc +++ b/docs/index.asciidoc @@ -49,7 +49,7 @@ the Beat's version. For example: metricbeat-7.4.0. Events indexed into Elasticsearch with the Logstash configuration shown here -will be similar to events directly indexed by beats into Elasticsearch. +will be similar to events directly indexed by Beats into Elasticsearch. NOTE: If ILM is not being used, set `index` to `%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}` instead so