Configuring Filebeat and Logstash with OpenSearch

In this post we will make OpenSearch work with Filebeat and Logstash to send, parse and analyze logs.

Installing Filebeat and Logstash

Download Filebeat here and Logstash here.

Configurations

In filebeat.yml, enter the following:

filebeat.inputs:
- type: filestream
  id: my-filestream-id
  enabled: true  
  paths:
    - C:\logs\*.log 

output.logstash:
  hosts: ["localhost:5044"]

In paths, you can specify any path where you will be storing your logs. Since this is a simple tutorial for testing the setup, I created a logs folder in C:, where I manually added some sample logs.

In logstash.conf, enter the following:

input {
  beats {
    port => 5044
  }
}

output {
  stdout { codec => rubydebug }
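  opensearch {
    hosts => ["https://localhost:9200"]
    # Replace with the credentials of your OpenSearch user.
    user => "OPENSEARCH_USER"
    password => "OPENSEARCH_PASSWORD"
    ssl => true
    # Skips validation of the server certificate; only suitable for a
    # local test against a self-signed certificate.
    ssl_certificate_verification => false
    # Logstash expands the date, so one index is written per day.
    index => "filebeat-%{+YYYY.MM.dd}"
  }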
}
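
A variant of the logstash.conf above that keeps certificate verification on and takes the credentials from outside the file, as an added example that is not part of the original post. It assumes the CA certificate that signed the OpenSearch node certificate has been copied to C:/certs/root-ca.pem (a placeholder path) and that OPENSEARCH_USER and OPENSEARCH_PASSWORD are defined as environment variables or Logstash keystore entries before Logstash starts.

```conf
input {
  beats {
    port => 5044
  }
}

output {
  stdout { codec => rubydebug }
  opensearch {
    # The host name used here has to match a name in the node certificate,
    # otherwise verification fails.
    hosts => ["https://localhost:9200"]
    # ${...} is resolved at startup from the Logstash keystore or the
    # environment, so the credentials are not stored in logstash.conf.
    user => "${OPENSEARCH_USER}"
    password => "${OPENSEARCH_PASSWORD}"
    ssl => true
    # Validate the server certificate against the CA below instead of
    # skipping the check.
    ssl_certificate_verification => true
    # Placeholder path (assumption): PEM file of the CA that signed the
    # OpenSearch node certificate.
    cacert => "C:/certs/root-ca.pem"
    index => "filebeat-%{+YYYY.MM.dd}"
  }
}
```

With this configuration Logstash refuses the connection if the node presents a certificate that does not chain to the given CA, which is the failure you want to see when the endpoint is not the one you expect.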

Running

In the Filebeat installation path, execute:

.\filebeat.exe -e -c filebeat.yml

In the bin subdirectory of the Logstash installation path, execute:

.\logstash.bat -f ..\logstash.conf

If everything is correct, when you add some logs to the directory specified in filebeat.yml, you should see them in the Logstash console, and then they should be sent to OpenSearch. You can create an index pattern by going to Management -> Dashboards Management and selecting the filebeat-%{+YYYY.MM.dd} index.
