Sidehistorik
...
Before Humio, my log collector in filebeat.yml looked like this:
Kodeblok |
---|
- input_type: log paths: - /var/log/apache2/www.mos-eisley.dk-*.log document_type: apache |
...
And it seems, that "document_type" becomes the parser selected in Humio. As Default parser for such Apache log files are "accesslog" I cloned that one to "apache"; but I could also choose to change the "document_type" in filebeat.yml:
Do remember to add
Kodeblok |
---|
queue.mem: events: 8000 flush.min_events: 1000 flush.timeout: 1s |
...