...
Then, set the output to file in the Beat's yml file (in either /etc/packetbeat/packetbeat.yml or /etc/topbeat/topbeat.yml):
```yaml
# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.
output:
  # ...

  ### File as output
  file:
    # Path to the directory where to save the generated files. The option is mandatory.
    # (In topbeat.yml, use "/tmp/topbeat" and `topbeat` in place of the packetbeat values.)
    path: "/tmp/packetbeat"

    # Name of the generated files. The default is `packetbeat` and it generates files: `packetbeat`, `packetbeat.1`, `packetbeat.2`, etc.
    filename: packetbeat

    # Maximum size in kilobytes of each file. When this size is reached, the files are
    # rotated. The default value is 10 MB.
    rotate_every_kb: 10000

    # Maximum number of files under path. When this number of files is reached, the
    # oldest file is deleted and the rest are shifted from last to first. The default
    # is 7 files.
    number_of_files: 7
```
...
Then add the file to Splunk's inputs.conf:
```ini
[monitor:///tmp/packetbeat/packetbeat]
host=moserver
index=packetbeat
sourcetype=packetbeat-output

[monitor:///tmp/topbeat/topbeat]
host=moserver
index=topbeat
sourcetype=topbeat-output
```
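An added example (not part of the original page): a Python check that the file the Beat writes (`path` plus `filename` from its file output) is covered by a `[monitor://...]` stanza in inputs.conf, since a mismatch between the two stops ingestion without any error. The sample configs are constructed from the values on this page, the function names are hypothetical, and the YAML handling is a minimal line scan rather than a full YAML parser.

```python
import configparser
import posixpath

# Constructed sample inputs built from the values shown on this page.
BEAT_YML = """\
output:
  file:
    path: "/tmp/packetbeat"
    filename: packetbeat
"""
INPUTS_CONF = """\
[monitor:///tmp/packetbeat/packetbeat]
host=moserver
index=packetbeat
sourcetype=packetbeat-output
"""

def beat_file_output(yml_text):
    """Return the active file the Beat writes to (path/filename)."""
    opts, in_file, indent = {}, False, 0
    for line in yml_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        cur = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        if key == "file" and not value.strip():
            in_file, indent = True, cur       # entering the file: block
        elif in_file and cur > indent:
            opts[key] = value.strip().strip("\"'")
        elif in_file:
            in_file = False                   # dedent: block has ended
    return posixpath.join(opts["path"], opts["filename"])

def monitored_files(conf_text):
    """Map each monitored path in inputs.conf to its stanza settings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    prefix = "monitor://"
    return {s[len(prefix):]: dict(cp[s]) for s in cp.sections() if s.startswith(prefix)}

def check(yml_text, conf_text):
    """Return (beat output file, matching Splunk stanza or None)."""
    target = beat_file_output(yml_text)
    return target, monitored_files(conf_text).get(target)

if __name__ == "__main__":
    target, stanza = check(BEAT_YML, INPUTS_CONF)
    print(target, "->", stanza if stanza else "NOT MONITORED")
```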
...