diff --git a/auditbeat/docs/fields.asciidoc b/auditbeat/docs/fields.asciidoc index 0633c9147a5..23ce242a71c 100644 --- a/auditbeat/docs/fields.asciidoc +++ b/auditbeat/docs/fields.asciidoc @@ -3061,6 +3061,8 @@ type: text The path to the file. +-- + *`file.path.raw`*:: + -- @@ -3069,8 +3071,6 @@ type: keyword The path to the file. This is a non-analyzed field that is useful for aggregations. --- - -- *`file.target_path`*:: @@ -3214,6 +3214,8 @@ type: text An array of strings describing a possible external origin for this file. For example, the URL it was downloaded from. Only supported in macOS, via the kMDItemWhereFroms attribute. Omitted if origin information is not available. +-- + *`file.origin.raw`*:: + -- @@ -3222,8 +3224,6 @@ type: keyword This is a non-analyzed field that is useful for aggregations on the origin data. --- - -- [float] diff --git a/docs/devguide/migrate-dashboards.asciidoc b/docs/devguide/migrate-dashboards.asciidoc index 56a16edf535..64e94d008e1 100644 --- a/docs/devguide/migrate-dashboards.asciidoc +++ b/docs/devguide/migrate-dashboards.asciidoc @@ -91,8 +91,8 @@ dashboards: Using the yml file, you can export all the dashboards for a single module or for the entire Beat using a single command: [source,shell] ------------------- +---- cd metricbeat/module/system go run ../../../dev-tools/cmd/dashboards/export_dashboards.go -yml module.yml -------------------- +---- diff --git a/docs/devguide/newdashboards.asciidoc b/docs/devguide/newdashboards.asciidoc index a203c5e4217..e8d4437b015 100644 --- a/docs/devguide/newdashboards.asciidoc +++ b/docs/devguide/newdashboards.asciidoc @@ -55,7 +55,7 @@ The `setup` phase loads: For more details about the `setup` command, run the following: [source,shell] -------------------------- +---- ./metricbeat help setup This command does initial setup of the environment: 
@@ -73,15 +73,15 @@ Flags: --machine-learning Setup machine learning job configurations only --modules string List of enabled modules (comma separated) --template Setup index template only ---------------------------- +---- The flags are useful when you don't want to load everything. For example, to import only the dashboards, use the `--dashboards` flag: [source,shell] ---------------------- +---- ./metricbeat setup --dashboards -------------------------------- +---- Starting with Beats 6.0.0, the dashboards are no longer loaded directly into Elasticsearch. Instead, they are imported directly into Kibana. Thus, if your Kibana instance is not listening on localhost, or you enabled @@ -90,9 +90,9 @@ the config for the Beat, or pass the Kibana host and credentials as arguments to the `setup` command. For example: [source,shell] -------------------------- +---- ./metricbeat setup -E setup.kibana.host=192.168.3.206:5601 -E setup.kibana.username=elastic -E setup.kibana.password=secret --------------------------- +---- By default, the `setup` command imports the dashboards from the `kibana` directory, which is available in the Beat package. diff --git a/filebeat/docs/index.asciidoc b/filebeat/docs/index.asciidoc index 84cc0313d54..a544d201a6b 100644 --- a/filebeat/docs/index.asciidoc +++ b/filebeat/docs/index.asciidoc @@ -16,6 +16,10 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :has_ml_jobs: yes :has_central_config: :has_solutions: +:ignores_max_retries: +:has_docker_label_ex: +:has_modules_command: +:has_registry: :deb_os: :rpm_os: :mac_os: diff --git a/heartbeat/docs/fields.asciidoc b/heartbeat/docs/fields.asciidoc index ceaf8d43087..385df837416 100644 --- a/heartbeat/docs/fields.asciidoc +++ b/heartbeat/docs/fields.asciidoc @@ -625,6 +625,8 @@ type: text Service url used by monitor. +-- + *`http.url.raw`*:: + -- 
@@ -633,8 +635,6 @@ type: keyword The service url used by monitor. This is a non-analyzed field that is useful for aggregations. --- - -- [float] diff --git a/journalbeat/docs/config-options.asciidoc b/journalbeat/docs/config-options.asciidoc index 4cfdb7d9e09..a52f741c0c8 100644 --- a/journalbeat/docs/config-options.asciidoc +++ b/journalbeat/docs/config-options.asciidoc @@ -101,7 +101,7 @@ The maximum number of seconds to wait before attempting to read again from journals. The default is 60s. [float] -[id="{beatname_lc}-seek"] +[id="seek"] ==== `seek` The position to start reading the journal from. Valid settings are: @@ -124,7 +124,7 @@ If you have old log files and want to skip lines, start {beatname_uc} with {beatname_uc}. [float] -[id="{beatname_lc}-include-matches"] +[id="include-matches"] ==== `include_matches` A list of filter expressions used to match fields. The format of the expression diff --git a/journalbeat/docs/filtering.asciidoc b/journalbeat/docs/filtering.asciidoc index ef8681b67fa..1150e70f754 100644 --- a/journalbeat/docs/filtering.asciidoc +++ b/journalbeat/docs/filtering.asciidoc @@ -7,7 +7,7 @@ metadata). {beatname_uc} provides a couple of options for filtering and enhancing exported data. You can configure {beatname_uc} to include events that match specific filtering -criteria. To do this, use the <<{beatname_lc}-include-matches,`include_matches`>> +criteria. To do this, use the <> option. The advantage of this approach is that you can reduce the number of fields that {beatname_uc} needs to process. diff --git a/journalbeat/docs/general-options.asciidoc b/journalbeat/docs/general-options.asciidoc index 12dfc390b31..c71e4140ece 100644 --- a/journalbeat/docs/general-options.asciidoc +++ b/journalbeat/docs/general-options.asciidoc 
@@ -47,14 +47,14 @@ or under `paths`. For a description of this option, see This option is valid as a global setting under the +{beatname_lc}+ namespace or under `paths`. For a description of this option, see -<<{beatname_lc}-seek,`seek`>>. +<>. [float] ==== `include_matches` deprecated[5.6.1,Use the option under `paths` instead.] This option is valid as a global setting under the +{beatname_lc}+ namespace or under `paths`. For a description of this option, see -<<{beatname_lc}-include-matches,`include_matches`>>. +<>. include::{libbeat-dir}/docs/generalconfig.asciidoc[] diff --git a/journalbeat/docs/getting-started.asciidoc b/journalbeat/docs/getting-started.asciidoc index 06270b4a2d6..35d229b6a3c 100644 --- a/journalbeat/docs/getting-started.asciidoc +++ b/journalbeat/docs/getting-started.asciidoc @@ -123,15 +123,15 @@ path. For example: + If no paths are specified, {beatname_uc} reads from the default journal. -. Set the <<{beatname_lc}-seek,`seek`>> option to control the position where +. Set the <> option to control the position where {beatname_uc} starts reading the journal. The available options are `head`, `tail`, and `cursor`. The default is `cursor`, which means that on first read, {beatname_uc} starts reading at the beginning of the file, but continues reading at the last known position after a reload or restart. For more detail about the settings, see the reference docs for the -<<{beatname_lc}-seek,`seek` option>>. +<>. -. (Optional) Set the <<{beatname_lc}-include-matches,`include_matches`>> option +. (Optional) Set the <> option to filter entries in journald before collecting any log events. This reduces the number of events that {beatname_uc} needs to process. For example, to fetch only Redis events from a Docker container tagged as `redis`, use: diff --git a/libbeat/docs/command-reference.asciidoc b/libbeat/docs/command-reference.asciidoc index 4566e4e6161..02ae326e9ac 100644 --- a/libbeat/docs/command-reference.asciidoc 
+++ b/libbeat/docs/command-reference.asciidoc @@ -80,23 +80,23 @@ endif::[] [options="header"] |======================= |Commands | -ifeval::[("{beatname_lc}"=="functionbeat")] +ifeval::["{beatname_lc}"=="functionbeat"] |<> | {deploy-command-short-desc}. endif::[] |<> |{export-command-short-desc}. |<> |{help-command-short-desc}. |<> |{keystore-command-short-desc}. -ifeval::[("{beatname_lc}"=="functionbeat")] +ifeval::["{beatname_lc}"=="functionbeat"] |<> |{package-command-short-desc}. |<> |{remove-command-short-desc}. endif::[] -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="metricbeat")] +ifdef::has_modules_command[] |<> |{modules-command-short-desc}. endif::[] |<> |{run-command-short-desc}. |<> |{setup-command-short-desc}. |<> |{test-command-short-desc}. -ifeval::[("{beatname_lc}"=="functionbeat")] +ifeval::["{beatname_lc}"=="functionbeat"] |<> |{update-command-short-desc}. endif::[] |<> |{version-command-short-desc}. @@ -104,7 +104,7 @@ endif::[] Also see <>. -ifeval::[("{beatname_lc}"=="functionbeat")] +ifeval::["{beatname_lc}"=="functionbeat"] [[deploy-command]] ==== `deploy` command @@ -302,7 +302,7 @@ Shows help for the `keystore` command. See <> for more examples. -ifeval::[("{beatname_lc}"=="functionbeat")] +ifeval::["{beatname_lc}"=="functionbeat"] [[package-command]] ==== `package` command @@ -364,7 +364,7 @@ Shows help for the `remove` command. ----- endif::[] -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="metricbeat")] +ifdef::has_modules_command[] [[modules-command]] ==== `modules` command @@ -717,7 +717,7 @@ ifeval::["{beatname_lc}"=="metricbeat"] ----- endif::[] -ifeval::[("{beatname_lc}"=="functionbeat")] +ifeval::["{beatname_lc}"=="functionbeat"] [[update-command]] ==== `update` command diff --git a/libbeat/docs/monitoring/monitoring-beats.asciidoc b/libbeat/docs/monitoring/monitoring-beats.asciidoc index 112adcb1e1a..1d1c0fb0b09 100644 --- a/libbeat/docs/monitoring/monitoring-beats.asciidoc 
+++ b/libbeat/docs/monitoring/monitoring-beats.asciidoc @@ -36,31 +36,28 @@ information, see . Add the `xpack.monitoring` settings in the {beatname_uc} configuration file. If you configured {es} output, specify the following minimal configuration: + --- [source, yml] --------------------- +---- xpack.monitoring.enabled: true --------------------- - +---- ++ If you configured a different output, such as {ls}, you must specify additional configuration options. For example: - ++ ["source","yml",subs="attributes"] --------------------- +---- xpack.monitoring: enabled: true elasticsearch: hosts: ["https://example.com:9200", "https://example2.com:9200"] username: {beat_monitoring_user} password: somepassword --------------------- - +---- ++ NOTE: Currently you must send monitoring data to the same cluster as all other events. If you configured {es} output, do not specify additional hosts in the monitoring configuration. --- - . {kibana-ref}/monitoring-xpack-kibana.html[Configure monitoring in {kib}]. . To verify your monitoring configuration, point your web browser at your {kib} diff --git a/libbeat/docs/outputconfig.asciidoc b/libbeat/docs/outputconfig.asciidoc index 2c080fa767e..9e939bf2bde 100644 --- a/libbeat/docs/outputconfig.asciidoc +++ b/libbeat/docs/outputconfig.asciidoc @@ -441,21 +441,17 @@ endif::[] ===== `max_retries` -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="winlogbeat")] - +ifdef::ignores_max_retries[] {beatname_uc} ignores the `max_retries` setting and retries indefinitely. - endif::[] -ifeval::[("{beatname_lc}"!="filebeat") and ("{beatname_lc}"!="winlogbeat")] - +ifndef::ignores_max_retries[] The number of times to retry publishing an event after a publishing failure. After the specified number of retries, the events are typically dropped. Set `max_retries` to a value less than 0 to retry until all events are published. The default is 3. - endif::[] 
@@ -717,21 +713,17 @@ The number of seconds to wait for responses from the Logstash server before timi ===== `max_retries` -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="winlogbeat")] - +ifdef::ignores_max_retries[] {beatname_uc} ignores the `max_retries` setting and retries indefinitely. - endif::[] -ifeval::[("{beatname_lc}"!="filebeat") and ("{beatname_lc}"!="winlogbeat")] - +ifndef::ignores_max_retries[] The number of times to retry publishing an event after a publishing failure. After the specified number of retries, the events are typically dropped. Set `max_retries` to a value less than 0 to retry until all events are published. The default is 3. - endif::[] ===== `bulk_max_size` @@ -947,21 +939,17 @@ brokers, topics, partition, and active leaders to use for publishing. ===== `max_retries` -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="winlogbeat")] - +ifdef::ignores_max_retries[] {beatname_uc} ignores the `max_retries` setting and retries indefinitely. - endif::[] -ifeval::[("{beatname_lc}"!="filebeat") and ("{beatname_lc}"!="winlogbeat")] - +ifndef::ignores_max_retries[] The number of times to retry publishing an event after a publishing failure. After the specified number of retries, the events are typically dropped. Set `max_retries` to a value less than 0 to retry until all events are published. The default is 3. - endif::[] ===== `bulk_max_size` 
@@ -1211,21 +1199,17 @@ Redis after a network error. The default is 60s. ===== `max_retries` -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="winlogbeat")] - +ifdef::ignores_max_retries[] {beatname_uc} ignores the `max_retries` setting and retries indefinitely. - endif::[] -ifeval::["{beatname_lc}"!="filebeat" and "{beatname_lc}"!="winlogbeat"] - +ifndef::ignores_max_retries[] The number of times to retry publishing an event after a publishing failure. After the specified number of retries, the events are typically dropped. Set `max_retries` to a value less than 0 to retry until all events are published. The default is 3. - endif::[] diff --git a/libbeat/docs/processors-using.asciidoc b/libbeat/docs/processors-using.asciidoc index 895d4f13bbd..629fa19e2d1 100644 --- a/libbeat/docs/processors-using.asciidoc +++ b/libbeat/docs/processors-using.asciidoc @@ -41,7 +41,11 @@ ifeval::["{beatname_lc}"=="filebeat"] :processor-scope: input endif::[] -ifeval::["{beatname_lc}"=="auditbeat" or "{beatname_lc}"=="metricbeat"] +ifeval::["{beatname_lc}"=="auditbeat"] +:processor-scope: module +endif::[] + +ifeval::["{beatname_lc}"=="metricbeat"] :processor-scope: module endif::[] diff --git a/libbeat/docs/reference-yml.asciidoc b/libbeat/docs/reference-yml.asciidoc index 44361b4fe55..6aa17c217f2 100644 --- a/libbeat/docs/reference-yml.asciidoc +++ b/libbeat/docs/reference-yml.asciidoc @@ -12,14 +12,14 @@ The contents of the file are included here for your convenience. ifndef::has_xpack[] [source,yaml] --- +---- include::../../{beatname_lc}/{beatname_lc}.reference.yml[] --- +---- endif::has_xpack[] ifdef::has_xpack[] [source,yaml] --- +---- include::../../x-pack/{beatname_lc}/{beatname_lc}.reference.yml[] --- +---- endif::has_xpack[] diff --git a/libbeat/docs/security/securing-beats.asciidoc b/libbeat/docs/security/securing-beats.asciidoc index 7d068544106..df80cf66457 100644 --- a/libbeat/docs/security/securing-beats.asciidoc 
+++ b/libbeat/docs/security/securing-beats.asciidoc @@ -2,6 +2,7 @@ [[securing-beats]] == Configure {beatname_uc} to use {security} +[subs="attributes"] ++++ Use {security} ++++ diff --git a/libbeat/docs/shared-central-management.asciidoc b/libbeat/docs/shared-central-management.asciidoc index e921379bc59..39dd219eafd 100644 --- a/libbeat/docs/shared-central-management.asciidoc +++ b/libbeat/docs/shared-central-management.asciidoc @@ -2,10 +2,6 @@ [role="xpack"] = {beats} central management -++++ -Central management -++++ - [partintro] -- @@ -144,7 +140,7 @@ ifndef::no_dashboards[] <> before enrolling the Beat. endif::[] -ifeval::[("{beatname_lc}"=="filebeat")] +ifeval::["{beatname_lc}"=="filebeat"] * If you plan to define module configurations in central management, set up the ingest pipelines before enrolling the Beat. For more information, see <>. diff --git a/libbeat/docs/shared-docker.asciidoc b/libbeat/docs/shared-docker.asciidoc index 39bda11d61a..1e4287a62fa 100644 --- a/libbeat/docs/shared-docker.asciidoc +++ b/libbeat/docs/shared-docker.asciidoc 
@@ -44,7 +44,37 @@ endif::[] Running {beatname_uc} with the setup command will create the index pattern and load visualizations, dashboards, and machine learning jobs. Run this command: -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="metricbeat") or ("{beatname_lc}"=="heartbeat") or ("{beatname_lc}"=="journalbeat")] +ifeval::["{beatname_lc}"=="filebeat"] +["source", "sh", subs="attributes"] +-------------------------------------------- +docker run \ +{dockerimage} \ +setup -E setup.kibana.host=kibana:5601 \ +-E output.elasticsearch.hosts=["elasticsearch:9200"] <1> <2> +-------------------------------------------- +endif::[] + +ifeval::["{beatname_lc}"=="metricbeat"] +["source", "sh", subs="attributes"] +-------------------------------------------- +docker run \ +{dockerimage} \ +setup -E setup.kibana.host=kibana:5601 \ +-E output.elasticsearch.hosts=["elasticsearch:9200"] <1> <2> +-------------------------------------------- +endif::[] + +ifeval::["{beatname_lc}"=="heartbeat"] +["source", "sh", subs="attributes"] +-------------------------------------------- +docker run \ +{dockerimage} \ +setup -E setup.kibana.host=kibana:5601 \ +-E output.elasticsearch.hosts=["elasticsearch:9200"] <1> <2> +-------------------------------------------- +endif::[] + +ifeval::["{beatname_lc}"=="journalbeat"] ["source", "sh", subs="attributes"] -------------------------------------------- docker run \ 
@@ -109,7 +139,21 @@ curl -L -O https://raw.githubusercontent.com/elastic/beats/{branch}/deploy/docke One way to configure {beatname_uc} on Docker is to provide +{beatname_lc}.docker.yml+ via a volume mount. With +docker run+, the volume mount can be specified like this: -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="journalbeat")] +ifeval::["{beatname_lc}"=="filebeat"] +["source", "sh", subs="attributes"] +-------------------------------------------- +docker run -d \ + --name={beatname_lc} \ + --user=root \ + --volume="$(pwd)/{beatname_lc}.docker.yml:/usr/share/{beatname_lc}/{beatname_lc}.yml:ro" \ + --volume="/var/lib/docker/containers:/var/lib/docker/containers:ro" \ + --volume="/var/run/docker.sock:/var/run/docker.sock:ro" \ + {dockerimage} {beatname_lc} -e -strict.perms=false \ + -E output.elasticsearch.hosts=["elasticsearch:9200"] <1> <2> +-------------------------------------------- +endif::[] + +ifeval::["{beatname_lc}"=="journalbeat"] ["source", "sh", subs="attributes"] -------------------------------------------- docker run -d \ @@ -191,8 +235,7 @@ using the syntax shown earlier. ===== Customize your configuration -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="metricbeat")] - +ifdef::has_docker_label_ex[] The +{beatname_lc}.docker.yml+ file you downloaded earlier is configured to deploy Beats modules based on the Docker labels applied to your containers. See <> for more details. Add labels to your application Docker containers, and they will be picked up by the Beats autodiscover feature when they are deployed. Here is an example command for an Apache HTTP Server container with labels to configure the Filebeat and Metricbeat modules for the Apache HTTP Server: ["source", "sh", subs="attributes"] 
@@ -209,11 +252,9 @@ docker run \ -p 8080:80 \ httpd:2.4 -------------------------------------------- - endif::[] -ifeval::[("{beatname_lc}"!="filebeat") and ("{beatname_lc}"!="metricbeat")] - +ifndef::has_docker_label_ex[] The +{beatname_lc}.docker.yml+ downloaded earlier should be customized for your environment. See <> for more details. Edit the configuration file and customize it to match your environment then re-deploy your {beatname_uc} container. endif::[] diff --git a/libbeat/docs/shared-path-config.asciidoc b/libbeat/docs/shared-path-config.asciidoc index d85cdb8b593..119b9260dcc 100644 --- a/libbeat/docs/shared-path-config.asciidoc +++ b/libbeat/docs/shared-path-config.asciidoc @@ -17,7 +17,7 @@ The `path` section of the +{beatname_lc}.yml+ config file contains configuration options that define where {beatname_uc} looks for its files. For example, {beatname_uc} looks for the Elasticsearch template file in the configuration path and writes log files in the logs path. -ifeval::["{beatname_lc}"=="filebeat" or "{beatname_lc}"=="winlogbeat"] +ifdef::has_registry[] {beatname_uc} looks for its registry files in the data path. endif::[] diff --git a/libbeat/docs/step-configure-output.asciidoc b/libbeat/docs/step-configure-output.asciidoc index d607ff074d6..b50673990dc 100644 --- a/libbeat/docs/step-configure-output.asciidoc +++ b/libbeat/docs/step-configure-output.asciidoc @@ -7,12 +7,10 @@ to {es}, or to {ls} for additional processing. To send output directly to {es} (without using {ls}), set the location of the {es} installation: + --- endif::only-elasticsearch[] ifdef::only-elasticsearch[] . Configure the {es} output by setting the location of the {es} installation: + --- endif::only-elasticsearch[] endif::has_module_steps[] * If you're running our 
@@ -33,18 +31,11 @@ output.elasticsearch: hosts: ["myEShost:9200"] ---------------------------------------------------------------------- ifndef::has_module_steps[] --- + ifndef::only-elasticsearch[] -ifeval::["{beatname_lc}"!="filebeat" and "{beatname_lc}"!="winlogbeat"] To send output to {ls}, <> instead. For all other outputs, see <>. -endif::[] -ifeval::[("{beatname_lc}"=="filebeat") or ("{beatname_lc}"=="winlogbeat")] -To send output to {ls}, make sure you configure the Logstash output in -<>. For all other outputs, see <>. -endif::[] endif::only-elasticsearch[] ifdef::only-elasticsearch[] {es} is currently the only output supported by {beatname_uc}. diff --git a/libbeat/scripts/generate_fields_docs.py b/libbeat/scripts/generate_fields_docs.py index 8346d6ef10f..2abf1d68401 100644 --- a/libbeat/scripts/generate_fields_docs.py +++ b/libbeat/scripts/generate_fields_docs.py @@ -11,7 +11,8 @@ def document_fields(output, section, sections, path): output.write("{}\n".format(section["prefix"])) # Intermediate level titles - if "description" in section and "prefix" not in section and "anchor" not in section: + if ("description" in section and "prefix" not in section and + "anchor" not in section): output.write("[float]\n") if "description" in section: @@ -70,10 +71,12 @@ def document_field(output, field, field_path): if not field["enabled"]: output.write("{}\n\n".format("Object is not enabled.")) + output.write("--\n\n") + if "multi_fields" in field: for subfield in field["multi_fields"]: - document_field(output, subfield, field_path + "." + subfield["name"]) - output.write("--\n\n") + document_field(output, subfield, field_path + "." + + subfield["name"]) def fields_to_asciidoc(input, output, beat): 
@@ -129,8 +132,10 @@ def fields_to_asciidoc(input, output, beat): description="Generates the documentation for a Beat.") parser.add_argument("path", help="Path to the beat folder") parser.add_argument("beattitle", help="The beat title") - parser.add_argument("es_beats", help="The path to the general beats folder") - parser.add_argument("--output_path", default="", dest="output_path", help="Output path, if different from path") + parser.add_argument("es_beats", + help="The path to the general beats folder") + parser.add_argument("--output_path", default="", dest="output_path", + help="Output path, if different from path") args = parser.parse_args() diff --git a/metricbeat/docs/index.asciidoc b/metricbeat/docs/index.asciidoc index 41af77ab88d..7de3a955677 100644 --- a/metricbeat/docs/index.asciidoc +++ b/metricbeat/docs/index.asciidoc @@ -16,6 +16,8 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :has_ml_jobs: yes :has_central_config: :has_solutions: +:has_docker_label_ex: +:has_modules_command: :deb_os: :rpm_os: :mac_os: diff --git a/metricbeat/docs/modules_list.asciidoc b/metricbeat/docs/modules_list.asciidoc index 8544717c5ad..c3659bde93c 100644 --- a/metricbeat/docs/modules_list.asciidoc +++ b/metricbeat/docs/modules_list.asciidoc @@ -3,7 +3,7 @@ This file is generated! See scripts/docs_collector.py //// [options="header"] -|=================================== +|=== |Modules |Dashboards |Metricsets |<> |image:./images/icon-no.png[No prebuilt dashboards] | .1+| .1+| |<> @@ -152,7 +152,7 @@ This file is generated! See scripts/docs_collector.py |<> |image:./images/icon-yes.png[Prebuilt dashboards are available] | .2+| .2+| |<> |<> -|================================ +|=== -- diff --git a/metricbeat/scripts/docs_collector.py b/metricbeat/scripts/docs_collector.py index ea66f23c443..1f9f6ee5c29 100644 --- a/metricbeat/scripts/docs_collector.py +++ b/metricbeat/scripts/docs_collector.py 
@@ -191,7 +191,7 @@ def collect(beat_name): module_list_output = generated_note module_list_output += '[options="header"]\n' - module_list_output += '|===================================\n' + module_list_output += '|===\n' module_list_output += '|Modules |Dashboards |Metricsets \n' for key, m in sorted(six.iteritems(modules_list)): @@ -218,7 +218,7 @@ def collect(beat_name): module_list_output += '|{} {} \n'.format(ms["link"], release_label) - module_list_output += '|================================' + module_list_output += '|===' module_list_output += "\n\n--\n\n" for key, m in sorted(six.iteritems(modules_list)): diff --git a/packetbeat/docs/packetbeat-filtering.asciidoc b/packetbeat/docs/packetbeat-filtering.asciidoc index 54057d48fb5..df1087e3b54 100644 --- a/packetbeat/docs/packetbeat-filtering.asciidoc +++ b/packetbeat/docs/packetbeat-filtering.asciidoc @@ -7,7 +7,7 @@ For example, the following configuration includes a subset of the Packetbeat DNS requests and their response codes are reported: [source, yaml] ------------------------------------------------------ +---- processors: - include_fields: fields: @@ -18,12 +18,12 @@ processors: - dns.question.name - dns.question.etld_plus_one - dns.response_code ------------------------------------------------------ +---- The filtered event would look something like this: [source,shell] ------------------------------------------------------ +---- { "@timestamp": "2016-03-28T14:48:21.732Z", "bytes_in": 32, 
@@ -39,30 +39,30 @@ The filtered event would look something like this: "ip": "8.8.8.8", "type": "dns" } ------------------------------------------------------ +---- If you would like to drop all the successful transactions, you can use the following configuration: [source,yaml] ------------- +---- processors: - drop_event: when: equals: http.response.code: 200 ------------ +---- If you don't want to export raw data for the successful transactions: [source,yaml] ------------- +---- processors: - drop_fields: when: equals: http.response.code: 200 fields: ["request", "response"] ------------- +---- include::{libbeat-dir}/docs/processors-using.asciidoc[] diff --git a/winlogbeat/docs/index.asciidoc b/winlogbeat/docs/index.asciidoc index 6daae177612..ede4e08f9d8 100644 --- a/winlogbeat/docs/index.asciidoc +++ b/winlogbeat/docs/index.asciidoc @@ -14,6 +14,8 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :discuss_forum: beats/{beatname_lc} :beat_default_index_prefix: {beatname_lc} :has_ml_jobs: yes +:has_registry: +:ignores_max_retries: :win_os: :win_only:
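Review bot: the example kept in the hunk at -90 of docs/devguide/newdashboards.asciidoc still passes `-E setup.kibana.password=secret` on the command line, where the value ends up in shell history and is visible in the process list. While the listing delimiters are being touched, consider showing the credential coming from the Beat's config file or from the `keystore` command that libbeat/docs/command-reference.asciidoc lists, and keep only `setup.kibana.host` as a `-E` override in the example.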
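Review bot: the flag attributes added in filebeat/docs/index.asciidoc (`:ignores_max_retries:`, `:has_docker_label_ex:`, `:has_modules_command:`, `:has_registry:`), and the matching ones in the metricbeat and winlogbeat index files, have no documentation saying what each one switches on. A one-line `//` comment per flag naming the shared file that tests it (outputconfig.asciidoc, shared-docker.asciidoc, command-reference.asciidoc, shared-path-config.asciidoc) would let the author of a new Beat's index file decide which flags to set without grepping libbeat/docs.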
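Review bot: in journalbeat/docs/config-options.asciidoc (hunks at -101 and -124) the anchors become the bare ids `seek` and `include-matches`, which are generic enough to collide with an anchor from any shared include pulled into the same book. If the goal is only to avoid attribute substitution inside `[id=...]`, a literal prefixed id such as `journalbeat-seek` keeps the anchor unique; whichever form is chosen, the cross-references changed in filtering.asciidoc, general-options.asciidoc and getting-started.asciidoc have to use exactly the same string.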
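Review bot: the hunk at -44 of libbeat/docs/shared-docker.asciidoc adds three identical copies of the `docker run ... setup` listing (filebeat, metricbeat, heartbeat) in front of the journalbeat one, so any later correction to the command has to be repeated in each copy. This patch already replaces other multi-beat conditions with flag attributes and `ifdef::` (for example `has_modules_command`); the same approach here, with one flag set in the relevant index files and a single listing, would avoid the duplication.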
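Review bot: the filebeat listing added in the hunk at -109 of libbeat/docs/shared-docker.asciidoc runs the container with `--user=root` and bind-mounts `/var/run/docker.sock`, and the text around it does not say why either is needed. The `:ro` suffix makes the mount point read-only but does not restrict what a process can request over the socket, so readers copying this grant the container access to the Docker API. Now that the block is filebeat-specific, add a sentence stating which feature requires the socket and root, so deployments that do not use that feature can leave them out.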
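Review bot: the hunk at -33 of libbeat/docs/step-configure-output.asciidoc changes content rather than just the conditional syntax: it deletes the filebeat/winlogbeat branch ("make sure you configure the Logstash output in ...") and drops the `ifeval` guard from the remaining sentence, so Filebeat and Winlogbeat readers now get the generic "To send output to {ls}, ... instead" text. Please confirm that the cross-reference in that sentence resolves in the Filebeat and Winlogbeat books and that losing the beat-specific wording is intended, and mention it in the commit message since the rest of the patch reads as a syntax cleanup.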
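Review bot: the relocated `output.write("--\n\n")` in document_field (libbeat/scripts/generate_fields_docs.py, hunk at -70) needs a comment, because its position before the `multi_fields` loop is now what keeps subfields such as `file.path.raw` and `http.url.raw` from being emitted inside the parent field's open block, as the regenerated fields.asciidoc hunks show. A one-line note above it ("close the field's block before documenting multi_fields") would stop a later refactor from moving it back. The wrapped call `document_field(output, subfield, field_path + "." +` would also read more clearly with the joined path assigned to a local variable first.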