In filebeat.yml, add the file you are watching to the ‘paths’ section as follows:
paths:
- /var/log/my.log
### Logstash as output
logstash:
# The Logstash hosts
hosts: ["192.168.0.1:5044"]
This will forward the contents of my.log to logstash.
If, like me, you like to keep traffic and load to a minimum, then you can add this to filebeat.yml:
scan_frequency: 180s
And if, in your logstash config, you want to be able to know which input you are handing, then define the ‘type’ as follows:
document_type: mylog
