filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log #This is the canonical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. paths: - /var/log/onap/*/*/*.log - /var/log/onap/*/*.log #Files older than this should be ignored. In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive ignore_older: 48h #Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records within limit clean_inactive: 96h #Name of the registry file. If a relative path is used, it is considered relative to the data path. Else full qualified file name. #filebeat.registry_file: ${path.data}/registry output.logstash: #List of logstash server ip addresses with port number. #But, in our case, this will be the loadbalancer IP address. #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. hosts: ["loadbalancer.onap:5044"] #If enable will do load balancing among availabe Logstash, automatically. loadbalance: true #The list of root certificates for server verifications. #If certificate_authorities is empty or not set, the trusted #certificate authorities of the host system are used. #ssl.certificate_authorities: $ssl.certificate_authorities #The path to the certificate for SSL client authentication. If the certificate is not specified, #client authentication is not available. #ssl.certificate: $ssl.certificate #The client certificate key used for client authentication. #ssl.key: $ssl.key #The passphrase used to decrypt an encrypted key stored in the configured key file #ssl.key_passphrase: $ssl.key_passphrase