diff --git a/docs/devguide/migrate-dashboards.asciidoc b/docs/devguide/migrate-dashboards.asciidoc index 56a16edf5355..64e94d008e19 100644 --- a/docs/devguide/migrate-dashboards.asciidoc +++ b/docs/devguide/migrate-dashboards.asciidoc @@ -91,8 +91,8 @@ dashboards: Using the yml file, you can export all the dashboards for a single module or for the entire Beat using a single command: [source,shell] ------------------- +---- cd metricbeat/module/system go run ../../../dev-tools/cmd/dashboards/export_dashboards.go -yml module.yml -------------------- +---- diff --git a/docs/devguide/newdashboards.asciidoc b/docs/devguide/newdashboards.asciidoc index 3c594fa4150c..0a642e484d7c 100644 --- a/docs/devguide/newdashboards.asciidoc +++ b/docs/devguide/newdashboards.asciidoc @@ -55,7 +55,7 @@ The `setup` phase loads: For more details about the `setup` command, run the following: [source,shell] -------------------------- +---- ./metricbeat help setup This command does initial setup of the environment: @@ -73,15 +73,15 @@ Flags: --machine-learning Setup machine learning job configurations only --modules string List of enabled modules (comma separated) --template Setup index template only ---------------------------- +---- The flags are useful when you don't want to load everything. For example, to import only the dashboards, use the `--dashboards` flag: [source,shell] ---------------------- +---- ./metricbeat setup --dashboards -------------------------------- +---- Starting with Beats 6.0.0, the dashboards are no longer loaded directly into Elasticsearch. Instead, they are imported directly into Kibana. Thus, if your Kibana instance is not listening on localhost, or you enabled @@ -90,9 +90,9 @@ the config for the Beat, or pass the Kibana host and credentials as arguments to the `setup` command. For example: [source,shell] -------------------------- +---- ./metricbeat setup -E setup.kibana.host=192.168.3.206:5601 -E setup.kibana.username=elastic -E setup.kibana.password=secret --------------------------- +---- By default, the `setup` command imports the dashboards from the `kibana` directory, which is available in the Beat package. diff --git a/filebeat/docs/index.asciidoc b/filebeat/docs/index.asciidoc index b9a3d392dee9..798f5601e88e 100644 --- a/filebeat/docs/index.asciidoc +++ b/filebeat/docs/index.asciidoc @@ -16,6 +16,12 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :has_ml_jobs: yes :has_central_config: :has_solutions: +:ignores_max_retries: +:has_docker_label_ex: +:has_decode_csv_fields_processor: +:has_script_processor: +:has_modules_command: +:has_registry: :deb_os: :rpm_os: :mac_os: diff --git a/journalbeat/docs/index.asciidoc b/journalbeat/docs/index.asciidoc index 48194e4607b9..cb6ad706342d 100644 --- a/journalbeat/docs/index.asciidoc +++ b/journalbeat/docs/index.asciidoc @@ -13,6 +13,8 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :github_repo_name: beats :discuss_forum: beats/{beatname_lc} :beat_default_index_prefix: {beatname_lc} +:has_decode_csv_fields_processor: +:has_script_processor: :deb_os: :rpm_os: :linux_os: diff --git a/libbeat/docs/command-reference.asciidoc b/libbeat/docs/command-reference.asciidoc index a63d485a83da..6f6f0806ba23 100644 --- a/libbeat/docs/command-reference.asciidoc +++ b/libbeat/docs/command-reference.asciidoc @@ -82,23 +82,23 @@ endif::[] [options="header"] |======================= |Commands | -ifeval::[("{beatname_lc}"=="functionbeat")] +ifeval::["{beatname_lc}"=="functionbeat"] |<> | {deploy-command-short-desc}. endif::[] |<> |{export-command-short-desc}. |<> |{help-command-short-desc}. |<> |{keystore-command-short-desc}. -ifeval::[("{beatname_lc}"=="functionbeat")] +ifeval::["{beatname_lc}"=="functionbeat"] |<> |{package-command-short-desc}. |<> |{remove-command-short-desc}. endif::[] -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="metricbeat")] +ifdef::has_modules_command[] |<> |{modules-command-short-desc}. endif::[] |<> |{run-command-short-desc}. |<> |{setup-command-short-desc}. |<> |{test-command-short-desc}. -ifeval::[("{beatname_lc}"=="functionbeat")] +ifeval::["{beatname_lc}"=="functionbeat"] |<> |{update-command-short-desc}. endif::[] |<> |{version-command-short-desc}. @@ -106,7 +106,7 @@ endif::[] Also see <>. -ifeval::[("{beatname_lc}"=="functionbeat")] +ifeval::["{beatname_lc}"=="functionbeat"] [[deploy-command]] ==== `deploy` command @@ -325,7 +325,7 @@ Shows help for the `keystore` command. See <> for more examples. -ifeval::[("{beatname_lc}"=="functionbeat")] +ifeval::["{beatname_lc}"=="functionbeat"] [[package-command]] ==== `package` command @@ -387,7 +387,7 @@ Shows help for the `remove` command. ----- endif::[] -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="metricbeat")] +ifdef::has_modules_command[] [[modules-command]] ==== `modules` command @@ -730,7 +730,7 @@ ifeval::["{beatname_lc}"=="metricbeat"] ----- endif::[] -ifeval::[("{beatname_lc}"=="functionbeat")] +ifeval::["{beatname_lc}"=="functionbeat"] [[update-command]] ==== `update` command diff --git a/libbeat/docs/outputconfig.asciidoc b/libbeat/docs/outputconfig.asciidoc index 496f9415fff9..d50291ed9aec 100644 --- a/libbeat/docs/outputconfig.asciidoc +++ b/libbeat/docs/outputconfig.asciidoc @@ -462,21 +462,17 @@ endif::[] ===== `max_retries` -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="winlogbeat")] - +ifdef::ignores_max_retries[] {beatname_uc} ignores the `max_retries` setting and retries indefinitely. - endif::[] -ifeval::[("{beatname_lc}"!="filebeat") and ("{beatname_lc}"!="winlogbeat")] - +ifndef::ignores_max_retries[] The number of times to retry publishing an event after a publishing failure. After the specified number of retries, the events are typically dropped. Set `max_retries` to a value less than 0 to retry until all events are published. The default is 3. - endif::[] @@ -729,21 +725,17 @@ The number of seconds to wait for responses from the Logstash server before timi ===== `max_retries` -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="winlogbeat")] - +ifdef::ignores_max_retries[] {beatname_uc} ignores the `max_retries` setting and retries indefinitely. - endif::[] -ifeval::[("{beatname_lc}"!="filebeat") and ("{beatname_lc}"!="winlogbeat")] - +ifndef::ignores_max_retries[] The number of times to retry publishing an event after a publishing failure. After the specified number of retries, the events are typically dropped. Set `max_retries` to a value less than 0 to retry until all events are published. The default is 3. - endif::[] ===== `bulk_max_size` @@ -965,21 +957,17 @@ metadata for the configured topics. The default is true. ===== `max_retries` -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="winlogbeat")] - +ifdef::ignores_max_retries[] {beatname_uc} ignores the `max_retries` setting and retries indefinitely. - endif::[] -ifeval::[("{beatname_lc}"!="filebeat") and ("{beatname_lc}"!="winlogbeat")] - +ifndef::ignores_max_retries[] The number of times to retry publishing an event after a publishing failure. After the specified number of retries, the events are typically dropped. Set `max_retries` to a value less than 0 to retry until all events are published. The default is 3. - endif::[] ===== `bulk_max_size` @@ -1225,21 +1213,17 @@ Redis after a network error. The default is 60s. ===== `max_retries` -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="winlogbeat")] - +ifdef::ignores_max_retries[] {beatname_uc} ignores the `max_retries` setting and retries indefinitely. - endif::[] -ifeval::["{beatname_lc}"!="filebeat" and "{beatname_lc}"!="winlogbeat"] - +ifndef::ignores_max_retries[] The number of times to retry publishing an event after a publishing failure. After the specified number of retries, the events are typically dropped. Set `max_retries` to a value less than 0 to retry until all events are published. The default is 3. - endif::[] diff --git a/libbeat/docs/processors-using.asciidoc b/libbeat/docs/processors-using.asciidoc index cf591cb71e84..7a682217cc58 100644 --- a/libbeat/docs/processors-using.asciidoc +++ b/libbeat/docs/processors-using.asciidoc @@ -67,7 +67,11 @@ ifeval::["{beatname_lc}"=="filebeat"] :processor-scope: input endif::[] -ifeval::["{beatname_lc}"=="auditbeat" or "{beatname_lc}"=="metricbeat"] +ifeval::["{beatname_lc}"=="auditbeat"] +:processor-scope: module +endif::[] + +ifeval::["{beatname_lc}"=="metricbeat"] :processor-scope: module endif::[] @@ -205,7 +209,7 @@ The supported processors are: * <> * <> * <> -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="journalbeat")] +ifdef::has_decode_csv_fields_processor[] * <> endif::[] * <> @@ -215,7 +219,7 @@ endif::[] * <> * <> * <> -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="winlogbeat") or ("{beatname_lc}"=="journalbeat")] +ifdef::has_script_processor[] * <> endif::[] @@ -779,7 +783,7 @@ Adds the environment field to every event: } ------------------------------------------------------------------------------- -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="journalbeat")] +ifdef::has_decode_csv_fields_processor[] [[decode-csv-fields]] === Decode CSV fields @@ -1525,7 +1529,7 @@ set to `true`, this condition will be ignored. output, to avoid leaking sensitive data. If `restricted_fields` is `true`, the field will be present in the output. -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="winlogbeat") or ("{beatname_lc}"=="journalbeat")] +ifdef::has_script_processor[] [[processor-script]] === Script Processor diff --git a/libbeat/docs/security/securing-beats.asciidoc b/libbeat/docs/security/securing-beats.asciidoc index 96c143397d4e..e9d5173fa4f7 100644 --- a/libbeat/docs/security/securing-beats.asciidoc +++ b/libbeat/docs/security/securing-beats.asciidoc @@ -2,6 +2,7 @@ [[securing-beats]] == Configure {beatname_uc} to use {security} +[subs="attributes"] ++++ Use {security} ++++ diff --git a/libbeat/docs/shared-central-management.asciidoc b/libbeat/docs/shared-central-management.asciidoc index 7eb6bbd1a3e6..0ea05773a821 100644 --- a/libbeat/docs/shared-central-management.asciidoc +++ b/libbeat/docs/shared-central-management.asciidoc @@ -146,7 +146,7 @@ ifndef::no_dashboards[] <> before enrolling the Beat. endif::[] -ifeval::[("{beatname_lc}"=="filebeat")] +ifeval::["{beatname_lc}"=="filebeat"] * If you plan to define module configurations in central management, set up the ingest pipelines before enrolling the Beat. For more information, see <>. diff --git a/libbeat/docs/shared-docker.asciidoc b/libbeat/docs/shared-docker.asciidoc index 21a82e982c3e..24520f212ea1 100644 --- a/libbeat/docs/shared-docker.asciidoc +++ b/libbeat/docs/shared-docker.asciidoc @@ -50,7 +50,37 @@ ifndef::no_dashboards[] endif::no_dashboards[] and machine learning jobs. Run this command: -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="metricbeat") or ("{beatname_lc}"=="heartbeat") or ("{beatname_lc}"=="journalbeat")] +ifeval::["{beatname_lc}"=="filebeat"] +["source", "sh", subs="attributes"] +-------------------------------------------- +docker run \ +{dockerimage} \ +setup -E setup.kibana.host=kibana:5601 \ +-E output.elasticsearch.hosts=["elasticsearch:9200"] <1> <2> +-------------------------------------------- +endif::[] + +ifeval::["{beatname_lc}"=="metricbeat"] +["source", "sh", subs="attributes"] +-------------------------------------------- +docker run \ +{dockerimage} \ +setup -E setup.kibana.host=kibana:5601 \ +-E output.elasticsearch.hosts=["elasticsearch:9200"] <1> <2> +-------------------------------------------- +endif::[] + +ifeval::["{beatname_lc}"=="heartbeat"] +["source", "sh", subs="attributes"] +-------------------------------------------- +docker run \ +{dockerimage} \ +setup -E setup.kibana.host=kibana:5601 \ +-E output.elasticsearch.hosts=["elasticsearch:9200"] <1> <2> +-------------------------------------------- +endif::[] + +ifeval::["{beatname_lc}"=="journalbeat"] ["source", "sh", subs="attributes"] -------------------------------------------- docker run \ @@ -117,7 +147,7 @@ curl -L -O {dockerconfig} One way to configure {beatname_uc} on Docker is to provide +{beatname_lc}.docker.yml+ via a volume mount. With +docker run+, the volume mount can be specified like this. -ifeval::[("{beatname_lc}"=="filebeat")] +ifeval::["{beatname_lc}"=="filebeat"] ["source", "sh", subs="attributes"] -------------------------------------------- docker run -d \ @@ -131,7 +161,7 @@ docker run -d \ -------------------------------------------- endif::[] -ifeval::[("{beatname_lc}"=="journalbeat")] +ifeval::["{beatname_lc}"=="journalbeat"] Make sure you include the path to the host's journal. The path might be `/var/log/journal` or `/run/log/journal`. @@ -197,7 +227,20 @@ docker run -d \ -------------------------------------------- endif::[] -ifeval::[("{beatname_lc}"=="heartbeat") or ("{beatname_lc}"=="apm-server")] +ifeval::["{beatname_lc}"=="heartbeat"] +["source", "sh", subs="attributes"] +-------------------------------------------- +docker run -d \ + --name={beatname_lc} \ + --user={beatname_lc} \ + --volume="$(pwd)/{beatname_lc}.docker.yml:/usr/share/{beatname_lc}/{beatname_lc}.yml:ro" \ + {dockerimage} \ + --strict.perms=false -e \ + -E output.elasticsearch.hosts=["elasticsearch:9200"] <1> <2> +-------------------------------------------- +endif::[] + +ifeval::["{beatname_lc}"=="apm-server"] ["source", "sh", subs="attributes"] -------------------------------------------- docker run -d \ @@ -217,8 +260,7 @@ using the syntax shown earlier. ===== Customize your configuration -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="metricbeat")] - +ifdef::has_docker_label_ex[] The +{beatname_lc}.docker.yml+ file you downloaded earlier is configured to deploy Beats modules based on the Docker labels applied to your containers. See <> for more details. Add labels to your application Docker containers, and they will be picked up by the Beats autodiscover feature when they are deployed. Here is an example command for an Apache HTTP Server container with labels to configure the Filebeat and Metricbeat modules for the Apache HTTP Server: ["source", "sh", subs="attributes"] @@ -235,11 +277,9 @@ docker run \ -p 8080:80 \ httpd:2.4 -------------------------------------------- - endif::[] -ifeval::[("{beatname_lc}"!="filebeat") and ("{beatname_lc}"!="metricbeat")] - +ifndef::has_docker_label_ex[] The +{beatname_lc}.docker.yml+ downloaded earlier should be customized for your environment. See <> for more details. Edit the configuration file and customize it to match your environment then re-deploy your {beatname_uc} container. endif::[] diff --git a/libbeat/docs/shared-path-config.asciidoc b/libbeat/docs/shared-path-config.asciidoc index 117c5aad34be..981a64f23df9 100644 --- a/libbeat/docs/shared-path-config.asciidoc +++ b/libbeat/docs/shared-path-config.asciidoc @@ -17,7 +17,7 @@ The `path` section of the +{beatname_lc}.yml+ config file contains configuration options that define where {beatname_uc} looks for its files. For example, {beatname_uc} looks for the Elasticsearch template file in the configuration path and writes log files in the logs path. -ifeval::["{beatname_lc}"=="filebeat" or "{beatname_lc}"=="winlogbeat"] +ifdef::has_registry[] {beatname_uc} looks for its registry files in the data path. endif::[] diff --git a/libbeat/docs/step-configure-output.asciidoc b/libbeat/docs/step-configure-output.asciidoc index d607ff074d63..fc2dff5b92d6 100644 --- a/libbeat/docs/step-configure-output.asciidoc +++ b/libbeat/docs/step-configure-output.asciidoc @@ -36,15 +36,9 @@ ifndef::has_module_steps[] -- + ifndef::only-elasticsearch[] -ifeval::["{beatname_lc}"!="filebeat" and "{beatname_lc}"!="winlogbeat"] To send output to {ls}, <> instead. For all other outputs, see <>. -endif::[] -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="winlogbeat")] -To send output to {ls}, make sure you configure the Logstash output in -<>. For all other outputs, see <>. -endif::[] endif::only-elasticsearch[] ifdef::only-elasticsearch[] {es} is currently the only output supported by {beatname_uc}. diff --git a/metricbeat/docs/index.asciidoc b/metricbeat/docs/index.asciidoc index 41af77ab88d6..7de3a9556772 100644 --- a/metricbeat/docs/index.asciidoc +++ b/metricbeat/docs/index.asciidoc @@ -16,6 +16,8 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :has_ml_jobs: yes :has_central_config: :has_solutions: +:has_docker_label_ex: +:has_modules_command: :deb_os: :rpm_os: :mac_os: diff --git a/winlogbeat/docs/index.asciidoc b/winlogbeat/docs/index.asciidoc index 6daae1776123..7654b557f02a 100644 --- a/winlogbeat/docs/index.asciidoc +++ b/winlogbeat/docs/index.asciidoc @@ -14,6 +14,9 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :discuss_forum: beats/{beatname_lc} :beat_default_index_prefix: {beatname_lc} :has_ml_jobs: yes +:has_registry: +:ignores_max_retries: +:has_script_processor: :win_os: :win_only: