# filebeat.yml

filebeat.prospectors:
- type: log
  json.keys_under_root: true
# Json key name, which value contains a sub JSON document produced by our application Console Appender  
  json.message_key: log
  enabled: true
  encoding: utf-8
  document_type: docker
  paths:
# Location of all our Docker log files (mapped volume in docker-compose.yml)  
    - '/usr/share/filebeat/dockerlogs/*/*.log'
processors:
# decode the log field (sub JSON document) if JSONencoded, then maps it's fields to elasticsearch fields
- decode_json_fields:
    fields: ["log"]
    target: ""
# overwrite existing target elasticsearch fields while decoding json fields
    overwrite_keys: true
- add_docker_metadata: ~
 
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 3
  
setup.kibana:
# if your kibana is local you can change it to 127.0.0.1:80
  host: "10.110.4.100:80"
  protocol: "http"
# identification required for X-pack  
  username: "my_login"
  password: "my_password"
# path needed if kibana not at website root  
  path: "/kibana"

output.elasticsearch:
# if your elasticsearch is local you can change it to 127.0.0.1:9200
  hosts: ["10.110.4.100:9200"]
  template:
    name: "filebeat"
    path: "fields.yml"
    overwrite: false
  protocol: "http"
# identification required for X-pack  
  username: "my_login"
  password: "my_password"

# Write Filebeat own logs only to file to avoid catching them with itself in docker log files
logging.to_files: true
logging.to_syslog: false

# X-pack optional module
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch: