Coralogix provides seamless integration with Filebeat so you can send your logs from anywhere and parse them according to your needs.
Prerequisites
Have Filebeat installed, for more information on how to install: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation.html
General
Private Key – A unique ID which represents your company, this Id will be sent to your mail once you register to Coralogix.
Company Id – A unique number which represents your company. You can get your company id from the settings tab in the Coralogix dashbaord.
Application Name – The name of your main application, for example, a company named “SuperData” would probably insert the “SuperData” string parameter or if they want to debug their test environment they might insert the “SuperData– Test”.
SubSystem Name – Your application probably has multiple subsystems, for example: Backend servers, Middleware, Frontend servers etc. in order to help you examine the data you need, inserting the subsystem parameter is vital.
Configuration
Open your Filebeat configuration file and configure it to use Logstash (Make sure you disable Elastic output). For more information about configuring filebeat to use logstash please refer to: https://www.elastic.co/guide/en/beats/filebeat/current/config-filebeat-logstash.html
Point your filebeat to output to Coralogix logstash server: logstashserver.coralogix.com:5044
In addition, you should add Coralogix configuration from the General section.
Here is a basic example of filebeat.yml
#=========================== Filebeat prospectors ============================= filebeat.prospectors: - input_type: log paths: - /var/log/my_app/my_app.* fields: PRIVATE_KEY: "YOUR_PRIVATE_KEY" COMPANY_ID: *Your company ID" APP_NAME: "APP_NAME" SUB_SYSTEM: "SUB_NAME" #-------------------------- Elasticsearch output ------------------------------ #output.elasticsearch: # Array of hosts to connect to. # hosts: ["localhost:9200"] #----------------------------- Logstash output -------------------------------- output.logstash: hosts: ["logstashserver.coralogix. com:5044 "]
To ship logs with Filebeat using SSL:
1. Download the Coralogix certificate from HERE
2. Edit the Logstash output section in your filebeat.yml to change the port and include the certificate path:
hosts: [“logstashserver.coralogix.com
tls.certificate_authorities: [‘ca.crt’]
ssl.certificate_authorities: [‘ca.crt’]
