browbeat/ansible/install/roles/logstash/files/30-elasticsearch-output.conf
Will Foster 21f1f28ab3 Add ELK stack and ELK client Ansible playbooks.
Fixes for this patchset:
- split out elk-openstack-client.yml to match what's done elsewhere

Fixes for patchset #11:
- split out filebeat into separate role for openstack clients
- update README.md to use elk-openstack-client.yml for this purpose
- cleanup filebeat.yml.j2 to use correct syntax (no need for " anymore)

Fixes for patchset #10:
- add SELinux boolean "httpd_can_network_connect"
- add libsemanage-python package dependency for booleans

Fixes for patchset #9:
- fix for RHEL7 clients, we need to specify remote EPEL rpm
- RHEL7 clients need rpm_key module to import EPEL GPG key
- switch to using uri module instead of curl for checking elasticsearch indices
- add python-httplib2 dependency (needed for uri module)
- use curl -XPOST instead of PUT for filebeat index template in elasticsearch

Fixes from patchset #7
- remove unneeded rpm usage, switch to yum module
- add logic to heapsize tuning so systems > 64G of memory will
  never exceed the 32G recommended heapsize
- logic fix for prepopulating local logs into logstash
- remove elasticsearch.yml, rpm provides this and we're not
  customizing it yet

Fixes from patchset #6:
- use yum repo Ansible module where we can
- remove unecessary EPEL installation (only nginx needs it)
- disable EPEL repo after installation to avoid OpenStack breakage

This adds:

(ELK Server)
- Automated ELK stack deployment
- SSL client generation
- Heap size tuning (1/2 of available memory)
- Firewall port additions (depending on active or not)
  - Supports either firewalld or iptables-services
- Additional upstream Filebeat Kibana dashboards

(ELK Client)
- Sets up filebeat with appropriate SSL certificates
  - utilizes both hostnames and SubjectAltName support (for environments without
    DNS services).

(Usage)

ansible-playbook -i hosts install/elk.yml
ansible-playbook -i hosts install/elk-client.yml --extra-vars 'elk_server=X.X.X.X'

Change-Id: Iee29f985e0bbcdf706ad869f132d4c0f1593a6b6
2016-05-03 15:22:00 -04:00

10 lines
246 B
Plaintext

output {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}