VictoriaMetrics/deployment/docker/victorialogs/filebeat-syslog
Zakhar Bessarab 4e5a68ed08
deployment/docker: add VictoriaLogs (#4929)
* deployment/docker: add VictoriaLogs configuration

Signed-off-by: Zakhar Bessarab <z.bessarab@victoriametrics.com>

* deployment/docker/victorialogs: remove outdated comment

It was added in order to indicate that it is required to build VictoriaLogs manually before starting it at the time there was no public release available.
Currently, there is a public tag and it is not required to build it from sources.

Signed-off-by: Zakhar Bessarab <z.bessarab@victoriametrics.com>

* deployment/docker/victorialogs/fluentbit: include log path in stream configuration

Signed-off-by: Zakhar Bessarab <z.bessarab@victoriametrics.com>

* deployment/docker: add reference to monitoring setup for VictoriaLogs

Signed-off-by: Zakhar Bessarab <z.bessarab@victoriametrics.com>

---------

Signed-off-by: Zakhar Bessarab <z.bessarab@victoriametrics.com>
2023-09-01 10:45:43 +02:00
docker-compose.yml deployment/docker: add VictoriaLogs (#4929) 2023-09-01 10:45:43 +02:00
filebeat.yml remove docker from filebeat syslog 2023-06-21 03:59:31 -07:00
README.md fix link vmui links in docker examples after the path change for vmui 2023-06-21 23:21:04 -07:00

Docker compose Filebeat integration with VictoriaLogs for syslog

This folder contains an example of integrating Filebeat with VictoriaLogs.

To spin up the environment, run the following command:

docker compose up -d

To shut down the docker-compose environment, run the following commands:

docker compose down
docker compose rm -f

The docker compose file contains the following components:

  • filebeat - Filebeat is configured to accept syslog logs in RFC 3164 format over TCP on port 5140; the configuration is in filebeat.yml. It writes the data to VictoriaLogs
  • VictoriaLogs - the log database; it accepts the data from Filebeat via the Elasticsearch protocol

Querying the data

  • vmui - a web UI accessible at http://localhost:9428/select/vmui
  • for querying the data via the command line, please check these docs

Example Filebeat configuration (filebeat.yml):

filebeat.inputs:
  - type: syslog
    format: rfc3164
    protocol.tcp:
      host: "0.0.0.0:5140"

output.elasticsearch:
  hosts: [ "http://victorialogs:9428/insert/elasticsearch/" ]
  worker: 5
  bulk_max_size: 1000
  parameters:
    _msg_field: "message"
    _time_field: "@timestamp"
    _stream_fields: "host.name,process.program,process.pid,container.name"

Please note that the _stream_fields parameter must follow the recommended best practices to achieve better performance.
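
To check the pipeline end to end, the following added example (not part of the repository) builds RFC 3164 lines for the syslog TCP input configured above and sends them to port 5140. The helper names `rfc3164_line` and `send_lines`, the sample event, and the assumption that port 5140 is reachable on 127.0.0.1 and uses newline-delimited framing are illustrative, not taken from the project.

```python
import socket
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def rfc3164_line(facility, severity, host, program, pid, msg, when=None):
    """Return one newline-terminated RFC 3164 message as bytes."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    # HOSTNAME and TAG are space-delimited header fields; whitespace inside
    # them would shift every later field when the receiver parses the line.
    for name, value in (("host", host), ("program", program)):
        if not value or any(c.isspace() for c in value):
            raise ValueError(f"{name} must be non-empty without whitespace")
    when = when or datetime.now()
    pri = facility * 8 + severity  # PRI value placed between "<" and ">"
    # Timestamp is "Mmm dd hh:mm:ss": English month, day padded with a space.
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    # With newline-delimited framing, a CR/LF embedded in MSG would be
    # ingested as a separate second event, so fold the text into one line.
    body = " ".join(msg.splitlines())
    return f"<{pri}>{stamp} {host} {program}[{int(pid)}]: {body}\n".encode("utf-8")


def send_lines(lines, addr=("127.0.0.1", 5140), timeout=3.0):
    """Write the messages to the syslog TCP input; returns the bytes sent."""
    payload = b"".join(lines)
    with socket.create_connection(addr, timeout=timeout) as conn:
        conn.sendall(payload)
    return len(payload)


if __name__ == "__main__":
    # Constructed sample event, not taken from a real system.
    sample = rfc3164_line(4, 5, "web01", "sshd", 1234,
                          "Failed password for invalid user test")
    print(sample.decode(), end="")
    print(send_lines([sample]), "bytes sent")
```

After a send, search for the message text in vmui to confirm that the event was ingested.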