...

Then set the output to file in the Beat's YAML file (either /etc/packetbeat/packetbeat.yml or /etc/topbeat/topbeat.yml):

Code block
title: /etc/packetbeat/packetbeat.yml
# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.
output:
...
...
### File as output
  file:
    # Path to the directory where to save the generated files. The option is mandatory.
    path: "/tmp/packetbeat"
    # Name of the generated files. The default is `packetbeat` and it generates files: `packetbeat`, `packetbeat.1`, `packetbeat.2`, etc.
    filename: packetbeat
    # Maximum size in kilobytes of each file. When this size is reached, the files are
    # rotated. The default value is 10 MB.
    rotate_every_kb: 10000
    # Maximum number of files under path. When this number of files is reached, the
    # oldest file is deleted and the rest are shifted from last to first. The default
    # is 7 files.
    number_of_files: 7

...

Then add the file to Splunk's inputs.conf:

Code block
title: inputs.conf
[monitor:///tmp/packetbeat/packetbeat]
host=moserver
index=packetbeat
sourcetype=packetbeat-output
[monitor:///tmp/topbeat/topbeat]
host=moserver
index=topbeat
sourcetype=topbeat-output
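
The two steps above only work if the file the Beat writes is the file Splunk monitors. The following is an added example, not from the original page or from the Beats or Splunk projects: it reads both configurations, reports when no monitor stanza covers the Beat's output file, and flags an output path under /tmp. The function names, the line-based reading of the `path` and `filename` keys, and the sample strings are assumptions made for the example.

```python
import configparser
import posixpath
import re

# Constructed samples mirroring the two snippets on this page.
BEAT_YML = """\
output:
  file:
    path: "/tmp/packetbeat"
    filename: packetbeat
"""
INPUTS_CONF = """\
[monitor:///tmp/packetbeat/packetbeat]
host=moserver
index=packetbeat
sourcetype=packetbeat-output
"""

def beat_output_file(yml_text, default_name):
    """Active file of the Beat's file output (line-based, not a YAML parser)."""
    found = {}
    for key in ("path", "filename"):
        m = re.search(rf'^[ \t]+{key}:[ \t]*"?([^"#\n]+?)"?[ \t]*$', yml_text, re.M)
        if m:
            found[key] = m.group(1)
    if "path" not in found:
        raise ValueError("file output has no path; the option is mandatory")
    # filename falls back to the Beat's name, supplied by the caller
    return posixpath.join(found["path"], found.get("filename", default_name))

def monitored_paths(conf_text):
    """Map each [monitor://<path>] stanza in inputs.conf to its settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    return {s[len("monitor://"):]: dict(cp[s])
            for s in cp.sections() if s.startswith("monitor://")}

def check(yml_text, conf_text, default_name="packetbeat"):
    """Return (beat_file, covering_stanzas, findings) for one Beat config."""
    target = beat_output_file(yml_text, default_name)
    # A stanza covers the file if it names it or one of its parent directories.
    hits = [p for p in monitored_paths(conf_text)
            if target == p or target.startswith(p.rstrip("/") + "/")]
    findings = []
    if not hits:
        findings.append(f"no monitor stanza covers {target}")
    if target.startswith(("/tmp/", "/var/tmp/")):
        findings.append(f"{target} is under a world-writable directory")
    return target, hits, findings
```

Run `check` once per Beat, passing that Beat's name as `default_name`.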

...