VictoriaMetrics/deployment/docker/victorialogs/filebeat-syslog
Aliaksandr Valialkin f45f39d80e
Revert "deployment/docs: use lower-case links to VictoriaLogs docs"
This reverts commit a0937b01c1.

Reason for revert: MixedCase links started working again.
See, for example, https://docs.victoriametrics.com/VictoriaLogs/querying/#vmui
2024-03-17 23:13:23 +02:00
docker-compose.yml deployment: update VictoriaLogs docker image from v0.4.2-victorialogs to v0.5.0-victorialogs 2024-03-01 04:18:40 +02:00
filebeat.yml remove docker from filebeat syslog 2023-06-21 03:59:31 -07:00
README.md Revert "deployment/docs: use lower-case links to VictoriaLogs docs" 2024-03-17 23:13:23 +02:00

Docker compose Filebeat integration with VictoriaLogs for syslog

This folder contains an example of integrating Filebeat with VictoriaLogs.

To spin up the environment, run the following command:

docker compose up -d

To shut down the docker-compose environment, run the following commands:

docker compose down
docker compose rm -f

The docker compose file contains the following components:

  • filebeat - Filebeat is configured to accept syslog logs in rfc3164 format on port 5140; you can find the configuration in filebeat.yml. It writes the data to VictoriaLogs
  • VictoriaLogs - the log database; it accepts the data from Filebeat via the Elasticsearch protocol

Querying the data

  • vmui - a web UI is accessible by http://localhost:9428/select/vmui
  • to query the data from the command line, please check these docs

Example Filebeat configuration (filebeat.yml):

filebeat.inputs:
  - type: syslog
    format: rfc3164
    protocol.tcp:
      host: "0.0.0.0:5140"

output.elasticsearch:
  hosts: [ "http://victorialogs:9428/insert/elasticsearch/" ]
  worker: 5
  bulk_max_size: 1000
  parameters:
    _msg_field: "message"
    _time_field: "@timestamp"
    _stream_fields: "host.name,process.program,process.pid,container.name"

Please note that the _stream_fields parameter must follow the recommended best practices to achieve better performance.
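
An end-to-end check of the pipeline described above, as an added example that is not part of the VictoriaMetrics repository: it builds an rfc3164 line, sends it to the Filebeat TCP input and polls VictoriaLogs until the event is searchable. The function names are hypothetical; it assumes the compose stack is running with ports 5140 and 9428 reachable on localhost and that the syslog input uses newline-delimited framing.

```python
import json, socket, sys, time, uuid
import urllib.parse, urllib.request
from datetime import datetime

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def rfc3164_line(facility, severity, host, tag, pid, msg, when=None):
    """Return one RFC 3164 line: <PRI>Mmm dd hh:mm:ss HOST TAG[PID]: MSG"""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    when = when or datetime.now()
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    # One line is one event on a newline-framed TCP input (assumption), so
    # embedded CR/LF would split the message into extra, forged-looking events.
    msg = msg.replace("\r", " ").replace("\n", " ")
    return f"<{facility * 8 + severity}>{stamp} {host} {tag}[{pid}]: {msg}"

def send(line, addr=("localhost", 5140)):
    """Send one newline-terminated event to the Filebeat syslog TCP input."""
    with socket.create_connection(addr, timeout=5) as sock:
        sock.sendall(line.encode("utf-8") + b"\n")

def query(logsql, base="http://localhost:9428"):
    """Run a LogsQL query; VictoriaLogs answers with one JSON object per line."""
    body = urllib.parse.urlencode({"query": logsql}).encode()
    with urllib.request.urlopen(f"{base}/select/logsql/query", body, timeout=5) as r:
        return [json.loads(l) for l in r.read().splitlines() if l.strip()]

def smoke_test(wait_seconds=30):
    """Send a uniquely marked event and poll until it is searchable."""
    marker = "smoketest" + uuid.uuid4().hex  # constructed sample value
    send(rfc3164_line(1, 6, "testhost", "smoke", 4242, f"pipeline check {marker}"))
    deadline = time.time() + wait_seconds
    while time.time() < deadline:
        if query(marker):
            return True
        time.sleep(1)
    return False

if __name__ == "__main__":
    sys.exit(0 if smoke_test() else 1)
```

Run as a script, it exits 0 once the marked event is returned by the query and 1 if it does not appear within the wait period.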