diff --git a/auditbeat/docs/auditbeat-filtering.asciidoc b/auditbeat/docs/auditbeat-filtering.asciidoc index c5dfdd55484..6919965ac54 100644 --- a/auditbeat/docs/auditbeat-filtering.asciidoc +++ b/auditbeat/docs/auditbeat-filtering.asciidoc @@ -1,5 +1,9 @@ [[filtering-and-enhancing-data]] -== Filter and enhance the exported data +== Filter and enhance data with processors + +++++ +Processors +++++ include::{libbeat-dir}/processors.asciidoc[] diff --git a/auditbeat/docs/auditbeat-general-options.asciidoc b/auditbeat/docs/auditbeat-general-options.asciidoc index 6fb7ba164e9..7aec17cd609 100644 --- a/auditbeat/docs/auditbeat-general-options.asciidoc +++ b/auditbeat/docs/auditbeat-general-options.asciidoc @@ -1,5 +1,9 @@ [[configuration-general-options]] -== Specify general settings +== Configure general settings + +++++ +General settings +++++ You can specify settings in the +{beatname_lc}.yml+ config file to control the general behavior of {beatname_uc}. diff --git a/auditbeat/docs/auditbeat-modules-config.asciidoc b/auditbeat/docs/auditbeat-modules-config.asciidoc index 07040215d1e..2071f156b92 100644 --- a/auditbeat/docs/auditbeat-modules-config.asciidoc +++ b/auditbeat/docs/auditbeat-modules-config.asciidoc @@ -1,5 +1,9 @@ [id="configuration-{beatname_lc}"] -== Specify which modules to run +== Configure modules + +++++ +Modules +++++ To enable specific modules you add entries to the `auditbeat.modules` list in the +{beatname_lc}.yml+ config file. Each entry in the list begins with a dash diff --git a/auditbeat/docs/configuring-howto.asciidoc b/auditbeat/docs/configuring-howto.asciidoc index 007a0670418..c4ab3ee230b 100644 --- a/auditbeat/docs/configuring-howto.asciidoc +++ b/auditbeat/docs/configuring-howto.asciidoc @@ -1,8 +1,12 @@ [id="configuring-howto-{beatname_lc}"] -= Configuring {beatname_uc} += Configure {beatname_uc} [partintro] -- +++++ +Configure +++++ + Before modifying configuration settings, make sure you've completed the <<{beatname_lc}-configuration,configuration steps>> in the Getting Started. This section describes some common use cases for changing configuration options. @@ -21,23 +25,19 @@ The following topics describe how to configure {beatname_uc}: * <> * <> -* <<{beatname_lc}-configuration-reloading>> -* <> +* <> +* <> * <> -* <> * <> -* <> -* <> -* <<{beatname_lc}-geoip>> -* <> +* <> +* <> * <> * <> -* <> +* <> +* <> * <> -* <> -* <> -* <> * <> +* <> * <<{beatname_lc}-reference-yml>> After changing configuration settings, you need to restart {beatname_uc} to @@ -49,40 +49,26 @@ include::./auditbeat-modules-config.asciidoc[] include::./auditbeat-general-options.asciidoc[] -include::./reload-configuration.asciidoc[] +include::{libbeat-dir}/shared-path-config.asciidoc[] -include::{libbeat-dir}/queueconfig.asciidoc[] +include::./reload-configuration.asciidoc[] include::{libbeat-dir}/outputconfig.asciidoc[] -include::{libbeat-dir}/shared-ilm.asciidoc[] - include::{libbeat-dir}/shared-ssl-config.asciidoc[] -include::./auditbeat-filtering.asciidoc[] - -include::{libbeat-dir}/shared-config-ingest.asciidoc[] - -include::{libbeat-dir}/shared-geoip.asciidoc[] +include::{libbeat-dir}/shared-ilm.asciidoc[] -include::{libbeat-dir}/shared-path-config.asciidoc[] +include::{libbeat-dir}/setup-config.asciidoc[] -include::{libbeat-dir}/shared-kibana-config.asciidoc[] +include::./auditbeat-filtering.asciidoc[] -include::{libbeat-dir}/setup-config.asciidoc[] +include::{libbeat-dir}/queueconfig.asciidoc[] include::{libbeat-dir}/loggingconfig.asciidoc[] -:standalone: -include::{libbeat-dir}/shared-env-vars.asciidoc[] -:standalone!: - -:standalone: -include::{libbeat-dir}/yaml.asciidoc[] -:standalone!: +include::{libbeat-dir}/http-endpoint.asciidoc[] include::{libbeat-dir}/regexp.asciidoc[] -include::{libbeat-dir}/http-endpoint.asciidoc[] - include::{libbeat-dir}/reference-yml.asciidoc[] diff --git a/auditbeat/docs/getting-started.asciidoc b/auditbeat/docs/getting-started.asciidoc index 493160de8e0..f5bd61f1aba 100644 --- a/auditbeat/docs/getting-started.asciidoc +++ b/auditbeat/docs/getting-started.asciidoc @@ -1,5 +1,9 @@ [id="{beatname_lc}-getting-started"] -== Getting started with {beatname_uc} +== Get started with {beatname_uc} + +++++ +Get started +++++ include::{libbeat-dir}/shared-getting-started-intro.asciidoc[] diff --git a/auditbeat/docs/howto/howto.asciidoc b/auditbeat/docs/howto/howto.asciidoc new file mode 100644 index 00000000000..2e9cacbb06b --- /dev/null +++ b/auditbeat/docs/howto/howto.asciidoc @@ -0,0 +1,29 @@ +[[howto-guides]] += How to + +[partintro] +-- +Learn how to perform common {beatname_uc} configuration tasks. + +* <<{beatname_lc}-geoip>> +* <> +* <> +* <> + + +-- + +include::{libbeat-dir}/shared-geoip.asciidoc[] + +:standalone: +include::{libbeat-dir}/shared-env-vars.asciidoc[] +:standalone!: + +include::{libbeat-dir}/shared-config-ingest.asciidoc[] + +:standalone: +include::{libbeat-dir}/yaml.asciidoc[] +:standalone!: + + + diff --git a/auditbeat/docs/index.asciidoc b/auditbeat/docs/index.asciidoc index 6de3c9db528..43f68815848 100644 --- a/auditbeat/docs/index.asciidoc +++ b/auditbeat/docs/index.asciidoc @@ -39,6 +39,8 @@ include::./upgrading.asciidoc[] include::./configuring-howto.asciidoc[] +include::{docdir}/howto/howto.asciidoc[] + include::./modules.asciidoc[] include::./fields.asciidoc[] diff --git a/auditbeat/docs/reload-configuration.asciidoc b/auditbeat/docs/reload-configuration.asciidoc index 210d5f4c158..dab510164d8 100644 --- a/auditbeat/docs/reload-configuration.asciidoc +++ b/auditbeat/docs/reload-configuration.asciidoc @@ -1,6 +1,10 @@ [id="{beatname_lc}-configuration-reloading"] == Reload the configuration dynamically +++++ +Config file reloading +++++ + beta[] You can configure {beatname_uc} to dynamically reload configuration files when diff --git a/auditbeat/docs/setting-up-running.asciidoc b/auditbeat/docs/setting-up-running.asciidoc index 05e68bb9d52..61f952b94c3 100644 --- a/auditbeat/docs/setting-up-running.asciidoc +++ b/auditbeat/docs/setting-up-running.asciidoc @@ -5,7 +5,11 @@ ///// [[setting-up-and-running]] -== Setting up and running {beatname_uc} +== Set up and run {beatname_uc} + +++++ +Set up and run +++++ Before reading this section, see the <<{beatname_lc}-getting-started,getting started documentation>> for basic diff --git a/auditbeat/docs/troubleshooting.asciidoc b/auditbeat/docs/troubleshooting.asciidoc index 463f4123167..cd5906710f8 100644 --- a/auditbeat/docs/troubleshooting.asciidoc +++ b/auditbeat/docs/troubleshooting.asciidoc @@ -1,5 +1,5 @@ [[troubleshooting]] -= Troubleshooting += Troubleshoot [partintro] -- diff --git a/auditbeat/docs/upgrading.asciidoc b/auditbeat/docs/upgrading.asciidoc index b054c12afa2..a897301c642 100644 --- a/auditbeat/docs/upgrading.asciidoc +++ b/auditbeat/docs/upgrading.asciidoc @@ -1,7 +1,7 @@ [[upgrading-auditbeat]] -== Upgrading Auditbeat +== Upgrade Auditbeat For information about upgrading to a new version, see the following topics in the _Beats Platform Reference_: * {beats-ref}/breaking-changes.html[Breaking Changes] -* {beats-ref}/upgrading.html[Upgrading] +* {beats-ref}/upgrading.html[Upgrade] diff --git a/filebeat/docs/configuring-howto.asciidoc b/filebeat/docs/configuring-howto.asciidoc index a5d8f381428..ab72b70d043 100644 --- a/filebeat/docs/configuring-howto.asciidoc +++ b/filebeat/docs/configuring-howto.asciidoc @@ -1,8 +1,12 @@ [[configuring-howto-filebeat]] -= Configuring Filebeat += Configure {beatname_uc} [partintro] -- +++++ +Configure +++++ + Before modifying configuration settings, make sure you've completed the <> in the Getting Started. This section describes some common use cases for changing configuration options. @@ -19,84 +23,57 @@ _Beats Platform Reference_ for more about the structure of the config file. The following topics describe how to configure Filebeat: -* <> * <> -* <> * <> +* <> * <> -* <> * <> -* <> -* <> * <> -* <> -* <<{beatname_lc}-deduplication>> -* <> -* <<{beatname_lc}-geoip>> -* <> +* <> +* <> * <> * <> -* <> -* <> -* <> +* <> * <> -* <> -* <> +* <> +* <> +* <> * <> +* <> * <<{beatname_lc}-reference-yml>> -- -include::./filebeat-modules-options.asciidoc[] - include::./filebeat-options.asciidoc[] -include::./multiline.asciidoc[] - include::./filebeat-general-options.asciidoc[] -include::./reload-configuration.asciidoc[] +include::{libbeat-dir}/shared-path-config.asciidoc[] -include::{libbeat-dir}/queueconfig.asciidoc[] +include::./reload-configuration.asciidoc[] include::{libbeat-dir}/outputconfig.asciidoc[] -include::../../libbeat/docs/shared-ilm.asciidoc[] - -include::./load-balancing.asciidoc[] - include::{libbeat-dir}/shared-ssl-config.asciidoc[] -include::./filebeat-filtering.asciidoc[] - -include::{libbeat-dir}/shared-deduplication.asciidoc[] - -include::{libbeat-dir}/shared-config-ingest.asciidoc[] - -include::{libbeat-dir}/shared-geoip.asciidoc[] - -include::{libbeat-dir}/shared-path-config.asciidoc[] - -include::{libbeat-dir}/shared-kibana-config.asciidoc[] +include::../../libbeat/docs/shared-ilm.asciidoc[] include::{libbeat-dir}/setup-config.asciidoc[] -include::{libbeat-dir}/loggingconfig.asciidoc[] - -:standalone: -include::{libbeat-dir}/shared-env-vars.asciidoc[] -:standalone!: +include::./filebeat-filtering.asciidoc[] :autodiscoverJolokia: :autodiscoverHints: include::{libbeat-dir}/shared-autodiscover.asciidoc[] -:standalone: -include::{libbeat-dir}/yaml.asciidoc[] -:standalone!: +include::{libbeat-dir}/queueconfig.asciidoc[] -include::{libbeat-dir}/regexp.asciidoc[] +include::./load-balancing.asciidoc[] + +include::{libbeat-dir}/loggingconfig.asciidoc[] include::{libbeat-dir}/http-endpoint.asciidoc[] +include::{libbeat-dir}/regexp.asciidoc[] + include::{libbeat-dir}/reference-yml.asciidoc[] diff --git a/filebeat/docs/filebeat-filtering.asciidoc b/filebeat/docs/filebeat-filtering.asciidoc index ddfa8fd4204..87eaf2ce72e 100644 --- a/filebeat/docs/filebeat-filtering.asciidoc +++ b/filebeat/docs/filebeat-filtering.asciidoc @@ -1,5 +1,9 @@ [[filtering-and-enhancing-data]] -== Filter and enhance the exported data +== Filter and enhance data with processors + +++++ +Processors +++++ Your use case might require only a subset of the data exported by {beatname_uc}, or you might need to enhance the exported data (for example, by adding diff --git a/filebeat/docs/filebeat-general-options.asciidoc b/filebeat/docs/filebeat-general-options.asciidoc index 45767813840..ad471c64084 100644 --- a/filebeat/docs/filebeat-general-options.asciidoc +++ b/filebeat/docs/filebeat-general-options.asciidoc @@ -1,5 +1,9 @@ [[configuration-general-options]] -== Specify general settings +== Configure general settings + +++++ +General settings +++++ You can specify settings in the +{beatname_lc}.yml+ config file to control the general behavior of {beatname_uc}. This includes: diff --git a/filebeat/docs/filebeat-modules-options.asciidoc b/filebeat/docs/filebeat-modules-options.asciidoc index 6dde1797a67..efbfc603c7f 100644 --- a/filebeat/docs/filebeat-modules-options.asciidoc +++ b/filebeat/docs/filebeat-modules-options.asciidoc @@ -1,7 +1,7 @@ :modulename: apache mysql [id="configuration-{beatname_lc}-modules"] -== Specify which modules to run +== Enable and run modules NOTE: Using {beatname_uc} modules is optional. You may decide to <> if you are using @@ -131,7 +131,7 @@ appropriate for your environment. To change the default configurations, you need to <>. [[specify-variable-settings]] -=== Specify variable settings +=== Configure variable settings include::./include/set-paths.asciidoc[] diff --git a/filebeat/docs/filebeat-options.asciidoc b/filebeat/docs/filebeat-options.asciidoc index ac011960a6a..3cfeab3962a 100644 --- a/filebeat/docs/filebeat-options.asciidoc +++ b/filebeat/docs/filebeat-options.asciidoc @@ -2,7 +2,7 @@ == Configure inputs ++++ -Configure inputs +Inputs ++++ TIP: <<{beatname_lc}-modules-overview,{beatname_uc} modules>> provide the @@ -59,6 +59,8 @@ You can configure {beatname_uc} to use the following inputs: * <<{beatname_lc}-input-cloudfoundry>> +include::multiline.asciidoc[] + include::inputs/input-log.asciidoc[] include::inputs/input-stdin.asciidoc[] diff --git a/filebeat/docs/getting-started.asciidoc b/filebeat/docs/getting-started.asciidoc index fe20fdeafe4..8aa03b5595e 100644 --- a/filebeat/docs/getting-started.asciidoc +++ b/filebeat/docs/getting-started.asciidoc @@ -1,5 +1,9 @@ [[filebeat-getting-started]] -== Getting Started With Filebeat +== Get started with {beatname_uc} + +++++ +Get started +++++ include::{libbeat-dir}/shared-getting-started-intro.asciidoc[] diff --git a/filebeat/docs/howto/howto.asciidoc b/filebeat/docs/howto/howto.asciidoc new file mode 100644 index 00000000000..6b79200db9f --- /dev/null +++ b/filebeat/docs/howto/howto.asciidoc @@ -0,0 +1,35 @@ +[[howto-guides]] += How to + +[partintro] +-- +Learn how to perform common {beatname_uc} configuration tasks. + +* <> +* <<{beatname_lc}-geoip>> +* <<{beatname_lc}-deduplication>> +* <> +* <> +* <> + + +-- + +include::{docdir}/../docs/filebeat-modules-options.asciidoc[] + +include::{libbeat-dir}/shared-geoip.asciidoc[] + +include::{libbeat-dir}/shared-deduplication.asciidoc[] + +:standalone: +include::{libbeat-dir}/shared-env-vars.asciidoc[] +:standalone!: + +include::{libbeat-dir}/shared-config-ingest.asciidoc[] + +:standalone: +include::{libbeat-dir}/yaml.asciidoc[] +:standalone!: + + + diff --git a/filebeat/docs/index.asciidoc b/filebeat/docs/index.asciidoc index 132b47579fc..dc306a37392 100644 --- a/filebeat/docs/index.asciidoc +++ b/filebeat/docs/index.asciidoc @@ -46,6 +46,8 @@ include::./how-filebeat-works.asciidoc[] include::./configuring-howto.asciidoc[] +include::{docdir}/howto/howto.asciidoc[] + include::{libbeat-dir}/shared-central-management.asciidoc[] include::./modules.asciidoc[] diff --git a/filebeat/docs/load-balancing.asciidoc b/filebeat/docs/load-balancing.asciidoc index d196ea9799b..c2a65a80961 100644 --- a/filebeat/docs/load-balancing.asciidoc +++ b/filebeat/docs/load-balancing.asciidoc @@ -1,6 +1,10 @@ [[load-balancing]] == Load balance the output hosts +++++ +Load balancing +++++ + Filebeat provides configuration options that you can use to fine tune load balancing when sending events to multiple hosts. diff --git a/filebeat/docs/modules-getting-started.asciidoc b/filebeat/docs/modules-getting-started.asciidoc index 0bbb5cf2806..db621fa6e29 100644 --- a/filebeat/docs/modules-getting-started.asciidoc +++ b/filebeat/docs/modules-getting-started.asciidoc @@ -22,7 +22,7 @@ Can't find a module for your log file type? Follow the numbered steps under Before running {beatname_uc} modules: * Install and configure the Elastic stack. See -{stack-gs}/get-started-elastic-stack.html[Getting started with the {stack}]. +{stack-gs}/get-started-elastic-stack.html[Get started with the {stack}]. * Complete the {beatname_uc} installation instructions described in <>. After installing {beatname_uc}, return to this diff --git a/filebeat/docs/multiline.asciidoc b/filebeat/docs/multiline.asciidoc index b498b2a084d..be662ca23ea 100644 --- a/filebeat/docs/multiline.asciidoc +++ b/filebeat/docs/multiline.asciidoc @@ -1,5 +1,9 @@ [[multiline-examples]] -== Manage multiline messages +=== Manage multiline messages + +++++ +Multiline messages +++++ The files harvested by {beatname_uc} may contain messages that span multiple lines of text. For example, multiline messages are common in files that contain @@ -15,7 +19,7 @@ Also read <> and <> to avoid common mistakes. [float] [[multiline]] -=== Configuration options +==== Configuration options You can specify the following options in the +{beatname_lc}.inputs+ section of the +{beatname_lc}.yml+ config file to control how {beatname_uc} deals with messages @@ -73,7 +77,7 @@ lines are discarded. The default is 500. *`multiline.timeout`*:: After the specified timeout, {beatname_uc} sends the multiline event even if no new pattern is found to start a new event. The default is 5s. -=== Examples of multiline configuration +==== Examples of multiline configuration The examples in this section cover the following use cases: @@ -82,7 +86,7 @@ The examples in this section cover the following use cases: * Combining multiple lines from time-stamped events [float] -==== Java stack traces +===== Java stack traces Java stack traces consist of multiple lines, with each line after the initial line beginning with whitespace, as in this example: @@ -134,7 +138,7 @@ In this example, the pattern matches the following lines: * a line that begins with the words `Caused by:` [float] -==== Line continuations +===== Line continuations Several programming languages use the backslash (`\`) character at the end of a line to denote that the line continues, as in this example: @@ -157,7 +161,7 @@ multiline.match: before This configuration merges any line that ends with the `\` character with the line that follows. [float] -==== Timestamps +===== Timestamps Activity logs from services such as Elasticsearch typically begin with a timestamp, followed by information on the specific activity, as in this example: @@ -181,7 +185,7 @@ This configuration uses the `negate: true` and `match: after` settings to specif specified pattern belongs to the previous line. [float] -==== Application events +===== Application events Sometimes your application logs contain events, that begin and end with custom markers, such as the following example: @@ -204,7 +208,7 @@ multiline.flush_pattern: 'End event' The `flush_pattern` option, specifies a regex at which the current multiline will be flushed. If you think of the `pattern` option specifying the beginning of an event, the `flush_pattern` option will specify the end or last line of the event. -=== Test your regexp pattern for multiline +==== Test your regexp pattern for multiline To make it easier for you to test the regexp patterns in your multiline config, we've created a https://play.golang.org/p/uAd5XHxscu[Go Playground]. You can simply plug in the regexp pattern along with diff --git a/filebeat/docs/reload-configuration.asciidoc b/filebeat/docs/reload-configuration.asciidoc index 52eb800d5a8..5ff3fa9ac37 100644 --- a/filebeat/docs/reload-configuration.asciidoc +++ b/filebeat/docs/reload-configuration.asciidoc @@ -1,6 +1,10 @@ [[filebeat-configuration-reloading]] == Load external configuration files +++++ +Config file loading +++++ + {beatname_uc} can load external configuration files for inputs and modules, allowing you to separate your configuration into multiple smaller configuration files. See the <> and the diff --git a/filebeat/docs/setting-up-running.asciidoc b/filebeat/docs/setting-up-running.asciidoc index 05e68bb9d52..61f952b94c3 100644 --- a/filebeat/docs/setting-up-running.asciidoc +++ b/filebeat/docs/setting-up-running.asciidoc @@ -5,7 +5,11 @@ ///// [[setting-up-and-running]] -== Setting up and running {beatname_uc} +== Set up and run {beatname_uc} + +++++ +Set up and run +++++ Before reading this section, see the <<{beatname_lc}-getting-started,getting started documentation>> for basic diff --git a/filebeat/docs/troubleshooting.asciidoc b/filebeat/docs/troubleshooting.asciidoc index 766c7a37bc4..0edffce46cf 100644 --- a/filebeat/docs/troubleshooting.asciidoc +++ b/filebeat/docs/troubleshooting.asciidoc @@ -1,5 +1,5 @@ [[troubleshooting]] -= Troubleshooting += Troubleshoot [partintro] -- diff --git a/filebeat/docs/upgrading.asciidoc b/filebeat/docs/upgrading.asciidoc index 2153ea09f5d..428be52e04d 100644 --- a/filebeat/docs/upgrading.asciidoc +++ b/filebeat/docs/upgrading.asciidoc @@ -1,7 +1,11 @@ [[upgrading-filebeat]] -== Upgrading Filebeat +== Upgrade {beatname_uc} + +++++ +Upgrade +++++ For information about upgrading to a new version, see the following topics in the _Beats Platform Reference_: * {beats-ref}/breaking-changes.html[Breaking Changes] -* {beats-ref}/upgrading.html[Upgrading] +* {beats-ref}/upgrading.html[Upgrade] diff --git a/heartbeat/docs/configuring-howto.asciidoc b/heartbeat/docs/configuring-howto.asciidoc index b9ada23ed10..7f2b6547d7e 100644 --- a/heartbeat/docs/configuring-howto.asciidoc +++ b/heartbeat/docs/configuring-howto.asciidoc @@ -1,8 +1,12 @@ [[configuring-howto-heartbeat]] -= Configuring {beatname_uc} += Configure {beatname_uc} [partintro] -- +++++ +Configure +++++ + Before modifying configuration settings, make sure you've completed the <> in the Getting Started. This section describes some common use cases for changing configuration options. @@ -23,22 +27,17 @@ The following topics describe how to configure Heartbeat: * <> * <> -* <> +* <> * <> -* <> * <> -* <> -* <> -* <<{beatname_lc}-geoip>> -* <> -* <> +* <> * <> -* <> -* <> +* <> * <> -* <> -* <> +* <> +* <> * <> +* <> * <<{beatname_lc}-reference-yml>> -- @@ -47,33 +46,17 @@ include::./heartbeat-options.asciidoc[] include::./heartbeat-general-options.asciidoc[] -include::./heartbeat-observer-options.asciidoc[] - -include::{libbeat-dir}/queueconfig.asciidoc[] +include::{libbeat-dir}/shared-path-config.asciidoc[] include::{libbeat-dir}/outputconfig.asciidoc[] -include::{libbeat-dir}/shared-ilm.asciidoc[] - include::{libbeat-dir}/shared-ssl-config.asciidoc[] -include::./heartbeat-filtering.asciidoc[] - -include::{libbeat-dir}/shared-config-ingest.asciidoc[] - -include::{libbeat-dir}/shared-geoip.asciidoc[] - -include::{libbeat-dir}/shared-path-config.asciidoc[] - -include::{libbeat-dir}/shared-kibana-config.asciidoc[] +include::{libbeat-dir}/shared-ilm.asciidoc[] include::{libbeat-dir}/setup-config.asciidoc[] -include::{libbeat-dir}/loggingconfig.asciidoc[] - -:standalone: -include::{libbeat-dir}/shared-env-vars.asciidoc[] -:standalone!: +include::./heartbeat-filtering.asciidoc[] :autodiscoverAWSELB: :autodiscoverHints: @@ -81,12 +64,12 @@ include::{libbeat-dir}/shared-autodiscover.asciidoc[] :autodiscoverHints!: :autodiscoverAWSELB!: -:standalone: -include::{libbeat-dir}/yaml.asciidoc[] -:standalone!: +include::{libbeat-dir}/queueconfig.asciidoc[] -include::{libbeat-dir}/regexp.asciidoc[] +include::{libbeat-dir}/loggingconfig.asciidoc[] include::{libbeat-dir}/http-endpoint.asciidoc[] +include::{libbeat-dir}/regexp.asciidoc[] + include::{libbeat-dir}/reference-yml.asciidoc[] diff --git a/heartbeat/docs/getting-started.asciidoc b/heartbeat/docs/getting-started.asciidoc index bc702680597..6113f0c1e26 100644 --- a/heartbeat/docs/getting-started.asciidoc +++ b/heartbeat/docs/getting-started.asciidoc @@ -1,5 +1,9 @@ [[heartbeat-getting-started]] -== Getting Started With Heartbeat +== Get started with {beatname_uc} + +++++ +Get started +++++ include::{libbeat-dir}/shared-getting-started-intro.asciidoc[] diff --git a/heartbeat/docs/heartbeat-filtering.asciidoc b/heartbeat/docs/heartbeat-filtering.asciidoc index 29545c3320f..6919965ac54 100644 --- a/heartbeat/docs/heartbeat-filtering.asciidoc +++ b/heartbeat/docs/heartbeat-filtering.asciidoc @@ -1,5 +1,9 @@ [[filtering-and-enhancing-data]] -== Filter and Enhance the exported data +== Filter and enhance data with processors + +++++ +Processors +++++ include::{libbeat-dir}/processors.asciidoc[] diff --git a/heartbeat/docs/heartbeat-general-options.asciidoc b/heartbeat/docs/heartbeat-general-options.asciidoc index 2013d3103ee..d1a6c1b9750 100644 --- a/heartbeat/docs/heartbeat-general-options.asciidoc +++ b/heartbeat/docs/heartbeat-general-options.asciidoc @@ -1,5 +1,9 @@ [[configuration-general-options]] -== Specify general settings +== Configure general settings + +++++ +General settings +++++ You can specify settings in the +{beatname_lc}.yml+ config file to control the general behavior of {beatname_uc}. diff --git a/heartbeat/docs/heartbeat-observer-options.asciidoc b/heartbeat/docs/heartbeat-observer-options.asciidoc index d38e4eec379..73c2707c745 100644 --- a/heartbeat/docs/heartbeat-observer-options.asciidoc +++ b/heartbeat/docs/heartbeat-observer-options.asciidoc @@ -1,5 +1,5 @@ [[configuration-observer-options]] -== Specify Observer and Geo Options +== Add observer and geo metadata It is often useful to view and query various attributes of the instance Heartbeat is running on. This data is attached to events via the <> processor. This processor populates the ECS `observer.*` fields. One field of particular utility is the `observer.geo.name` field, which you can configure via this processor. Use this field to create distinctive geographic regions for your uptime checks. You might label your regions by datacenter name or geographic region, e.g. `virginia-dc-1`, or `us-east-1a`, or `virginia-us`. diff --git a/heartbeat/docs/heartbeat-options.asciidoc b/heartbeat/docs/heartbeat-options.asciidoc index 6becc27a7a9..ad5d96102a0 100644 --- a/heartbeat/docs/heartbeat-options.asciidoc +++ b/heartbeat/docs/heartbeat-options.asciidoc @@ -1,8 +1,8 @@ [[configuration-heartbeat-options]] -== Set up {beatname_uc} monitors +== Configure {beatname_uc} monitors ++++ -Set up monitors +Monitors ++++ To configure {beatname_uc} define a set of `monitors` to check your remote hosts. diff --git a/heartbeat/docs/howto/howto.asciidoc b/heartbeat/docs/howto/howto.asciidoc new file mode 100644 index 00000000000..6e7ef945d6a --- /dev/null +++ b/heartbeat/docs/howto/howto.asciidoc @@ -0,0 +1,32 @@ +[[howto-guides]] += How to + +[partintro] +-- +Learn how to perform common {beatname_uc} configuration tasks. + +* <> +* <<{beatname_lc}-geoip>> +* <> +* <> +* <> + + +-- + +include::{docdir}/heartbeat-observer-options.asciidoc[] + +include::{libbeat-dir}/shared-geoip.asciidoc[] + +:standalone: +include::{libbeat-dir}/shared-env-vars.asciidoc[] +:standalone!: + +include::{libbeat-dir}/shared-config-ingest.asciidoc[] + +:standalone: +include::{libbeat-dir}/yaml.asciidoc[] +:standalone!: + + + diff --git a/heartbeat/docs/index.asciidoc b/heartbeat/docs/index.asciidoc index 9b356037603..7520ea1d5dd 100644 --- a/heartbeat/docs/index.asciidoc +++ b/heartbeat/docs/index.asciidoc @@ -38,6 +38,8 @@ include::./setting-up-running.asciidoc[] include::./configuring-howto.asciidoc[] +include::{docdir}/howto/howto.asciidoc[] + include::./fields.asciidoc[] include::{libbeat-dir}/monitoring/monitoring-beats.asciidoc[] diff --git a/heartbeat/docs/setting-up-running.asciidoc b/heartbeat/docs/setting-up-running.asciidoc index 8ec02a23fbd..9808c01bc7f 100644 --- a/heartbeat/docs/setting-up-running.asciidoc +++ b/heartbeat/docs/setting-up-running.asciidoc @@ -5,7 +5,11 @@ ///// [[setting-up-and-running]] -== Setting up and running {beatname_uc} +== Set up and run {beatname_uc} + +++++ +Set up and run +++++ Before reading this section, see the <<{beatname_lc}-getting-started,getting started documentation>> for basic diff --git a/heartbeat/docs/troubleshooting.asciidoc b/heartbeat/docs/troubleshooting.asciidoc index 0fa1379f6c9..12c429715df 100644 --- a/heartbeat/docs/troubleshooting.asciidoc +++ b/heartbeat/docs/troubleshooting.asciidoc @@ -1,5 +1,5 @@ [[troubleshooting]] -= Troubleshooting += Troubleshoot [partintro] -- diff --git a/journalbeat/docs/config-options.asciidoc b/journalbeat/docs/config-options.asciidoc index 37eac9153d9..63896054b87 100644 --- a/journalbeat/docs/config-options.asciidoc +++ b/journalbeat/docs/config-options.asciidoc @@ -2,7 +2,7 @@ == Configure inputs ++++ -Configure inputs +Inputs ++++ By default, {beatname_uc} reads log events from the default systemd journals. To diff --git a/journalbeat/docs/configuring-howto.asciidoc b/journalbeat/docs/configuring-howto.asciidoc index 2a651def0f5..f3ce587285b 100644 --- a/journalbeat/docs/configuring-howto.asciidoc +++ b/journalbeat/docs/configuring-howto.asciidoc @@ -1,8 +1,11 @@ [id="configuring-howto-{beatname_lc}"] -= Configuring {beatname_uc} += Configure {beatname_uc} [partintro] -- +++++ +Configure +++++ Before modifying configuration settings, make sure you've completed the <<{beatname_lc}-configuration,configuration steps>> in the Getting Started. @@ -14,21 +17,16 @@ The following topics describe how to configure {beatname_uc}: * <> * <> -* <> +* <> * <> -* <> * <> -* <> -* <> -* <<{beatname_lc}-geoip>> -* <> -* <> +* <> * <> +* <> +* <> * <> -* <> -* <> -* <> * <> +* <> * <<{beatname_lc}-reference-yml>> -- @@ -37,38 +35,24 @@ include::./config-options.asciidoc[] include::./general-options.asciidoc[] -include::{libbeat-dir}/queueconfig.asciidoc[] +include::{libbeat-dir}/shared-path-config.asciidoc[] include::{libbeat-dir}/outputconfig.asciidoc[] -include::{libbeat-dir}/shared-ilm.asciidoc[] - include::{libbeat-dir}/shared-ssl-config.asciidoc[] -include::./filtering.asciidoc[] - -include::{libbeat-dir}/shared-config-ingest.asciidoc[] - -include::{libbeat-dir}/shared-geoip.asciidoc[] +include::{libbeat-dir}/shared-ilm.asciidoc[] -include::{libbeat-dir}/shared-path-config.asciidoc[] +include::{libbeat-dir}/setup-config.asciidoc[] -include::{libbeat-dir}/shared-kibana-config.asciidoc[] +include::./filtering.asciidoc[] -include::{libbeat-dir}/setup-config.asciidoc[] +include::{libbeat-dir}/queueconfig.asciidoc[] include::{libbeat-dir}/loggingconfig.asciidoc[] -:standalone: -include::{libbeat-dir}/shared-env-vars.asciidoc[] -:standalone!: - -:standalone: -include::{libbeat-dir}/yaml.asciidoc[] -:standalone!: +include::{libbeat-dir}/http-endpoint.asciidoc[] include::{libbeat-dir}/regexp.asciidoc[] -include::{libbeat-dir}/http-endpoint.asciidoc[] - include::{libbeat-dir}/reference-yml.asciidoc[] diff --git a/journalbeat/docs/filtering.asciidoc b/journalbeat/docs/filtering.asciidoc index fc7dba749d4..5bfcdd53254 100644 --- a/journalbeat/docs/filtering.asciidoc +++ b/journalbeat/docs/filtering.asciidoc @@ -1,5 +1,9 @@ [[filtering-and-enhancing-data]] -== Filter and enhance the exported data +== Filter and enhance data with processors + +++++ +Processors +++++ Your use case might require only a subset of the data exported by {beatname_uc}, or you might need to enhance the exported data (for example, by adding diff --git a/journalbeat/docs/general-options.asciidoc b/journalbeat/docs/general-options.asciidoc index 5649877fc8c..32c39676bfe 100644 --- a/journalbeat/docs/general-options.asciidoc +++ b/journalbeat/docs/general-options.asciidoc @@ -1,5 +1,9 @@ [[configuration-general-options]] -== Specify general settings +== Configure general settings + +++++ +General settings +++++ You can specify settings in the +{beatname_lc}.yml+ config file to control the general behavior of {beatname_uc}. This includes: diff --git a/journalbeat/docs/getting-started.asciidoc b/journalbeat/docs/getting-started.asciidoc index dcde1df7bd0..7d90caa49ad 100644 --- a/journalbeat/docs/getting-started.asciidoc +++ b/journalbeat/docs/getting-started.asciidoc @@ -1,5 +1,9 @@ [id="{beatname_lc}-getting-started"] -== Getting started with {beatname_uc} +== Get started with {beatname_uc} + +++++ +Get started +++++ include::{libbeat-dir}/shared-getting-started-intro.asciidoc[] diff --git a/journalbeat/docs/howto/howto.asciidoc b/journalbeat/docs/howto/howto.asciidoc new file mode 100644 index 00000000000..177ed8db1d2 --- /dev/null +++ b/journalbeat/docs/howto/howto.asciidoc @@ -0,0 +1,30 @@ +[[howto-guides]] += How to + +[partintro] +-- +Learn how to perform common {beatname_uc} configuration tasks. + +* <<{beatname_lc}-geoip>> +* <> +* <> +* <> + + +-- + + +include::{libbeat-dir}/shared-geoip.asciidoc[] + +:standalone: +include::{libbeat-dir}/shared-env-vars.asciidoc[] +:standalone!: + +include::{libbeat-dir}/shared-config-ingest.asciidoc[] + +:standalone: +include::{libbeat-dir}/yaml.asciidoc[] +:standalone!: + + + diff --git a/journalbeat/docs/index.asciidoc b/journalbeat/docs/index.asciidoc index 2fb3b7ad0c5..f9e80375a4a 100644 --- a/journalbeat/docs/index.asciidoc +++ b/journalbeat/docs/index.asciidoc @@ -33,6 +33,8 @@ include::./setting-up-running.asciidoc[] include::./configuring-howto.asciidoc[] +include::{docdir}/howto/howto.asciidoc[] + include::./fields.asciidoc[] include::{libbeat-dir}/monitoring/monitoring-beats.asciidoc[] diff --git a/journalbeat/docs/setting-up-running.asciidoc b/journalbeat/docs/setting-up-running.asciidoc index bf67e6501ab..265e4d8fae8 100644 --- a/journalbeat/docs/setting-up-running.asciidoc +++ b/journalbeat/docs/setting-up-running.asciidoc @@ -5,7 +5,11 @@ ///// [[setting-up-and-running]] -== Setting up and running {beatname_uc} +== Set up and run {beatname_uc} + +++++ +Set up and run +++++ Before reading this section, see the <<{beatname_lc}-getting-started,getting started documentation>> for basic diff --git a/journalbeat/docs/troubleshooting.asciidoc b/journalbeat/docs/troubleshooting.asciidoc index a1b4b1e72c6..b32d1b5fca2 100644 --- a/journalbeat/docs/troubleshooting.asciidoc +++ b/journalbeat/docs/troubleshooting.asciidoc @@ -1,5 +1,5 @@ [[troubleshooting]] -= Troubleshooting += Troubleshoot [partintro] -- diff --git a/libbeat/docs/contributing-to-beats.asciidoc b/libbeat/docs/contributing-to-beats.asciidoc index 7e568148da6..7205fbb8bbe 100644 --- a/libbeat/docs/contributing-to-beats.asciidoc +++ b/libbeat/docs/contributing-to-beats.asciidoc @@ -10,7 +10,7 @@ ////////////////////////////////////////////////////////////////////////// ["appendix",id="contributing-to-beats"] -= Contributing to Beats += Contribute to Beats The Beats are open source and we love to receive contributions from our community — you! diff --git a/libbeat/docs/dashboardsconfig.asciidoc b/libbeat/docs/dashboardsconfig.asciidoc index 1a59f6884de..7bed3d256f8 100644 --- a/libbeat/docs/dashboardsconfig.asciidoc +++ b/libbeat/docs/dashboardsconfig.asciidoc @@ -10,7 +10,11 @@ ////////////////////////////////////////////////////////////////////////// [[configuration-dashboards]] -== Load the Kibana dashboards +== Configure Kibana dashboard loading + +++++ +Kibana dashboards +++++ {beatname_uc} comes packaged with example Kibana dashboards, visualizations, and searches for visualizing {beatname_uc} data in Kibana. diff --git a/libbeat/docs/generalconfig.asciidoc b/libbeat/docs/generalconfig.asciidoc index 2bc385c68cf..859ead3705d 100644 --- a/libbeat/docs/generalconfig.asciidoc +++ b/libbeat/docs/generalconfig.asciidoc @@ -14,6 +14,10 @@ [[configuration-general]] === General configuration options +++++ +General settings +++++ + These options are supported by all Elastic Beats. Because they are common options, they are not namespaced. diff --git a/libbeat/docs/gettingstarted.asciidoc b/libbeat/docs/gettingstarted.asciidoc index 80e4a5e4998..4df199ace71 100644 --- a/libbeat/docs/gettingstarted.asciidoc +++ b/libbeat/docs/gettingstarted.asciidoc @@ -1,9 +1,9 @@ [[getting-started]] -== Getting started with {beats} +== Get started with {beats} Each Beat is a separately installable product. Before installing Beats, you need to install and configure the {stack}. To learn how to get up and running -quickly, see {stack-gs}/get-started-elastic-stack.html[Getting started with the +quickly, see {stack-gs}/get-started-elastic-stack.html[Get started with the {stack}]. [TIP] diff --git a/libbeat/docs/http-endpoint.asciidoc b/libbeat/docs/http-endpoint.asciidoc index 00fd30db8c6..153bd106db2 100644 --- a/libbeat/docs/http-endpoint.asciidoc +++ b/libbeat/docs/http-endpoint.asciidoc @@ -10,7 +10,11 @@ ////////////////////////////////////////////////////////////////////////// [[http-endpoint]] -== HTTP Endpoint +== Configure an HTTP endpoint for metrics + +++++ +HTTP endpoint +++++ experimental[] diff --git a/libbeat/docs/loggingconfig.asciidoc b/libbeat/docs/loggingconfig.asciidoc index 605bd040315..633ca7ca2e4 100644 --- a/libbeat/docs/loggingconfig.asciidoc +++ b/libbeat/docs/loggingconfig.asciidoc @@ -13,6 +13,10 @@ [[configuration-logging]] == Configure logging +++++ +Logging +++++ + The `logging` section of the +{beatname_lc}.yml+ config file contains options for configuring the logging output. ifndef::serverless[] diff --git a/libbeat/docs/monitoring/monitoring-beats.asciidoc b/libbeat/docs/monitoring/monitoring-beats.asciidoc index fd6d28d5d2e..34ce2c0f24a 100644 --- a/libbeat/docs/monitoring/monitoring-beats.asciidoc +++ b/libbeat/docs/monitoring/monitoring-beats.asciidoc @@ -1,9 +1,12 @@ [role="xpack"] [[monitoring]] -= Monitoring {beatname_uc} += Monitor {beatname_uc} [partintro] -- +++++ +Monitor +++++ You can use the {stack} {monitor-features} to gain insight into the health of ifndef::apm-server[] diff --git a/libbeat/docs/monitoring/monitoring-internal-collection-legacy.asciidoc b/libbeat/docs/monitoring/monitoring-internal-collection-legacy.asciidoc index 6efd1764e0f..72b08628bf2 100644 --- a/libbeat/docs/monitoring/monitoring-internal-collection-legacy.asciidoc +++ b/libbeat/docs/monitoring/monitoring-internal-collection-legacy.asciidoc @@ -13,7 +13,7 @@ [[monitoring-internal-collection-legacy]] == Use legacy internal collection to send monitoring data ++++ -Legacy internal collection (deprecated) +Use legacy internal collection (deprecated) ++++ deprecated[7.2.0] diff --git a/libbeat/docs/monitoring/monitoring-internal-collection.asciidoc b/libbeat/docs/monitoring/monitoring-internal-collection.asciidoc index bace51ad5ce..d7893ce9c6b 100644 --- a/libbeat/docs/monitoring/monitoring-internal-collection.asciidoc +++ b/libbeat/docs/monitoring/monitoring-internal-collection.asciidoc @@ -13,7 +13,7 @@ [[monitoring-internal-collection]] == Use internal collection to send monitoring data ++++ -Internal collection +Use internal collection ++++ Use internal collectors to send {beats} monitoring data directly to your diff --git a/libbeat/docs/monitoring/monitoring-metricbeat.asciidoc b/libbeat/docs/monitoring/monitoring-metricbeat.asciidoc index fba08e6790b..afac9852133 100644 --- a/libbeat/docs/monitoring/monitoring-metricbeat.asciidoc +++ b/libbeat/docs/monitoring/monitoring-metricbeat.asciidoc @@ -3,7 +3,7 @@ == Use {metricbeat} to send monitoring data [subs="attributes"] ++++ -{metricbeat} collection +Use {metricbeat} collection ++++ In 7.3 and later, you can use {metricbeat} to collect data about {beatname_uc} @@ -123,7 +123,7 @@ metricbeat modules enable beat-xpack ---------------------------------------------------------------------- For more information, see -{metricbeat-ref}/configuration-metricbeat.html[Specify which modules to run] and +{metricbeat-ref}/configuration-metricbeat.html[Configure modules] and {metricbeat-ref}/metricbeat-module-beat.html[beat module]. // end::enable-beat-module[] -- diff --git a/libbeat/docs/outputconfig.asciidoc b/libbeat/docs/outputconfig.asciidoc index 73f0cfe4d19..efb84fabbfa 100644 --- a/libbeat/docs/outputconfig.asciidoc +++ b/libbeat/docs/outputconfig.asciidoc @@ -14,6 +14,10 @@ [[configuring-output]] == Configure the output +++++ +Output +++++ + You configure {beatname_uc} to write to a specific output by setting options in the Outputs section of the +{beatname_lc}.yml+ config file. Only a single output may be defined. diff --git a/libbeat/docs/queueconfig.asciidoc b/libbeat/docs/queueconfig.asciidoc index af53cb0ed17..0e63e11605a 100644 --- a/libbeat/docs/queueconfig.asciidoc +++ b/libbeat/docs/queueconfig.asciidoc @@ -1,6 +1,9 @@ [[configuring-internal-queue]] == Configure the internal queue +++++ +Internal queue +++++ {beatname_uc} uses an internal queue to store events before publishing them. The queue is responsible for buffering and combining events into batches that can be consumed by the outputs. The outputs will use bulk operations to send a diff --git a/libbeat/docs/setup-config.asciidoc b/libbeat/docs/setup-config.asciidoc index 2fa6373f72c..ce58296afc6 100644 --- a/libbeat/docs/setup-config.asciidoc +++ b/libbeat/docs/setup-config.asciidoc @@ -1,6 +1,9 @@ +include::./template-config.asciidoc[] + ifndef::no_dashboards[] +include::./shared-kibana-config.asciidoc[] + include::./dashboardsconfig.asciidoc[] endif::no_dashboards[] -include::./template-config.asciidoc[] diff --git a/libbeat/docs/shared-deduplication.asciidoc b/libbeat/docs/shared-deduplication.asciidoc index 1f8ab85385c..997f12c488b 100644 --- a/libbeat/docs/shared-deduplication.asciidoc +++ b/libbeat/docs/shared-deduplication.asciidoc @@ -1,5 +1,5 @@ [id="{beatname_lc}-deduplication"] -== Data deduplication +== Deduplicate data The {beats} framework guarantees at-least-once delivery to ensure that no data is lost when events are sent to outputs that support acknowledgement, such as diff --git a/libbeat/docs/shared-docker.asciidoc b/libbeat/docs/shared-docker.asciidoc index 0d34a6d316a..65ab23078d8 100644 --- a/libbeat/docs/shared-docker.asciidoc +++ b/libbeat/docs/shared-docker.asciidoc @@ -1,5 +1,5 @@ [[running-on-docker]] -=== Running {beatname_uc} on Docker +=== Run {beatname_uc} on Docker Docker images for {beatname_uc} are available from the Elastic Docker registry. The base image is https://hub.docker.com/_/centos/[centos:7]. @@ -14,7 +14,7 @@ paid commercial features. See the https://www.elastic.co/subscriptions[Subscriptions] page for information about Elastic license levels. -==== Pulling the image +==== Pull the image Obtaining {beatname_uc} for Docker is as simple as issuing a +docker pull+ command against the Elastic Docker registry. diff --git a/libbeat/docs/shared-download-and-install.asciidoc b/libbeat/docs/shared-download-and-install.asciidoc index 8f2fdd12e3c..5eabb2cbd02 100644 --- a/libbeat/docs/shared-download-and-install.asciidoc +++ b/libbeat/docs/shared-download-and-install.asciidoc @@ -1,6 +1,6 @@ *Before you begin*: If you haven't installed the {stack}, do that now. See -{stack-gs}/get-started-elastic-stack.html[Getting started with the {stack}]. +{stack-gs}/get-started-elastic-stack.html[Get started with the {stack}]. To download and install {beatname_uc}, use the commands that work with your system. diff --git a/libbeat/docs/shared-getting-started-intro.asciidoc b/libbeat/docs/shared-getting-started-intro.asciidoc index 83a13b26e44..e0200fd8533 100644 --- a/libbeat/docs/shared-getting-started-intro.asciidoc +++ b/libbeat/docs/shared-getting-started-intro.asciidoc @@ -8,7 +8,7 @@ ifndef::no-output-logstash[] * {ls} (optional) for parsing and enhancing the data. endif::[] -See {stack-gs}/get-started-elastic-stack.html[Getting started with the {stack}] +See {stack-gs}/get-started-elastic-stack.html[Get started with the {stack}] for more information about installing these products. [TIP] diff --git a/libbeat/docs/shared-ilm.asciidoc b/libbeat/docs/shared-ilm.asciidoc index 1336ee86b0a..3502596e143 100644 --- a/libbeat/docs/shared-ilm.asciidoc +++ b/libbeat/docs/shared-ilm.asciidoc @@ -2,6 +2,10 @@ [role="xpack"] == Configure index lifecycle management +++++ +Index lifecycle management (ILM) +++++ + Use the {ref}/getting-started-index-lifecycle-management.html[index lifecycle management] (ILM) feature in {es} to manage your {beatname_uc} indices as they age. For example, instead of creating daily indices where index size can vary based diff --git a/libbeat/docs/shared-kibana-config.asciidoc b/libbeat/docs/shared-kibana-config.asciidoc index aed3ae35214..e39fec57013 100644 --- a/libbeat/docs/shared-kibana-config.asciidoc +++ b/libbeat/docs/shared-kibana-config.asciidoc @@ -12,6 +12,10 @@ [[setup-kibana-endpoint]] == Configure the Kibana endpoint +++++ +Kibana endpoint +++++ + Starting with {beatname_uc} 6.0.0, the Kibana dashboards are loaded into Kibana via the Kibana API. This requires a Kibana endpoint configuration. diff --git a/libbeat/docs/shared-path-config.asciidoc b/libbeat/docs/shared-path-config.asciidoc index 981a64f23df..e6264dbca6f 100644 --- a/libbeat/docs/shared-path-config.asciidoc +++ b/libbeat/docs/shared-path-config.asciidoc @@ -13,6 +13,10 @@ [[configuration-path]] == Configure project paths +++++ +Project paths +++++ + The `path` section of the +{beatname_lc}.yml+ config file contains configuration options that define where {beatname_uc} looks for its files. For example, {beatname_uc} looks for the Elasticsearch template file in the configuration path and writes diff --git a/libbeat/docs/shared-securing-beat.asciidoc b/libbeat/docs/shared-securing-beat.asciidoc index 531ca18fd12..67f38aeb50b 100644 --- a/libbeat/docs/shared-securing-beat.asciidoc +++ b/libbeat/docs/shared-securing-beat.asciidoc @@ -1,9 +1,13 @@ [id="securing-{beatname_lc}"] -= Securing {beatname_uc} += Secure {beatname_uc} [partintro] -- +++++ +Secure +++++ + The following topics provide information about securing the {beatname_uc} process and securing communication between {beatname_uc} and other products in the Elastic stack: diff --git a/libbeat/docs/shared-shutdown.asciidoc b/libbeat/docs/shared-shutdown.asciidoc index bbe14b011f5..c1b5c5128c7 100644 --- a/libbeat/docs/shared-shutdown.asciidoc +++ b/libbeat/docs/shared-shutdown.asciidoc @@ -10,7 +10,7 @@ ////////////////////////////////////////////////////////////////////////// [[shutdown]] -=== Stopping {beatname_uc} +=== Stop {beatname_uc} An orderly shutdown of {beatname_uc} ensures that it has a chance to clean up and close outstanding resources. You can help ensure an orderly shutdown by diff --git a/libbeat/docs/shared-ssl-config.asciidoc b/libbeat/docs/shared-ssl-config.asciidoc index 899d0dcd681..ebfe2a9b5b6 100644 --- a/libbeat/docs/shared-ssl-config.asciidoc +++ b/libbeat/docs/shared-ssl-config.asciidoc @@ -1,6 +1,10 @@ [[configuration-ssl]] ifndef::apm-server[] -== Specify SSL settings +== Configure SSL + +++++ +SSL +++++ endif::apm-server[] ifdef::apm-server[] == SSL output settings @@ -12,7 +16,9 @@ ifndef::apm-server[] You can specify SSL options when you configure: * <> that support SSL +ifndef::no_dashboards[] * the <> +endif::[] ifeval::["{beatname_lc}"=="heartbeat"] * <> that support SSL endif::[] diff --git a/libbeat/docs/template-config.asciidoc b/libbeat/docs/template-config.asciidoc index 9f84f65e429..52b602a6c28 100644 --- a/libbeat/docs/template-config.asciidoc +++ b/libbeat/docs/template-config.asciidoc @@ -1,6 +1,10 @@ [[configuration-template]] -== Load the Elasticsearch index template +== Configure Elasticsearch index template loading + +++++ +Elasticsearch index template +++++ The `setup.template` section of the +{beatname_lc}.yml+ config file specifies the {ref}/indices-templates.html[index template] to use for setting diff --git a/libbeat/docs/upgrading.asciidoc b/libbeat/docs/upgrading.asciidoc index ea3fb430bb5..7ea64dc366d 100644 --- a/libbeat/docs/upgrading.asciidoc +++ b/libbeat/docs/upgrading.asciidoc @@ -1,5 +1,5 @@ [[upgrading]] -== Upgrading +== Upgrade This section gives general recommendations for upgrading {beats} shippers: @@ -292,7 +292,7 @@ If you want to disable index lifecycle management, set `setup.ilm.enabled: false` in the {beats} configuration file. [[troubleshooting-upgrade]] -=== Troubleshooting {beats} upgrade issues +=== Troubleshoot {beats} upgrade issues This section describes common problems you might encounter when upgrading to {beats} 7.x. diff --git a/libbeat/docs/yaml.asciidoc b/libbeat/docs/yaml.asciidoc index 15997c4acf0..f4c78f9c25b 100644 --- a/libbeat/docs/yaml.asciidoc +++ b/libbeat/docs/yaml.asciidoc @@ -15,7 +15,7 @@ ifdef::standalone[] [[yaml-tips]] -== YAML tips and gotchas +== Avoid YAML formatting problems endif::[] diff --git a/metricbeat/docs/configuring-howto.asciidoc b/metricbeat/docs/configuring-howto.asciidoc index b282976c097..91b6a7f120c 100644 --- a/metricbeat/docs/configuring-howto.asciidoc +++ b/metricbeat/docs/configuring-howto.asciidoc @@ -1,8 +1,12 @@ [[configuring-howto-metricbeat]] -= Configuring {beatname_uc} += Configure {beatname_uc} [partintro] -- +++++ +Configure +++++ + Before modifying configuration settings, make sure you've completed the <> in the Getting Started. This section describes some common use cases for changing configuration options. @@ -21,24 +25,20 @@ The following topics describe how to configure {beatname_uc}: * <> * <> +* <> * <> -* <> * <> -* <> * <> -* <> -* <> -* <<{beatname_lc}-geoip>> -* <> +* <> +* <> * <> * <> -* <> -* <> -* <> +* <> * <> -* <> -* <> +* <> +* <> * <> +* <> * <<{beatname_lc}-reference-yml>> -- @@ -47,33 +47,19 @@ include::./metricbeat-options.asciidoc[] include::./metricbeat-general-options.asciidoc[] -include::./reload-configuration.asciidoc[] +include::{libbeat-dir}/shared-path-config.asciidoc[] -include::{libbeat-dir}/queueconfig.asciidoc[] +include::{docdir}/../docs/reload-configuration.asciidoc[] include::{libbeat-dir}/outputconfig.asciidoc[] -include::{libbeat-dir}/shared-ilm.asciidoc[] - include::{libbeat-dir}/shared-ssl-config.asciidoc[] -include::./metricbeat-filtering.asciidoc[] - -include::{libbeat-dir}/shared-config-ingest.asciidoc[] - -include::{libbeat-dir}/shared-geoip.asciidoc[] - -include::{libbeat-dir}/shared-path-config.asciidoc[] - -include::{libbeat-dir}/shared-kibana-config.asciidoc[] +include::{libbeat-dir}/shared-ilm.asciidoc[] include::{libbeat-dir}/setup-config.asciidoc[] -include::{libbeat-dir}/loggingconfig.asciidoc[] - -:standalone: -include::{libbeat-dir}/shared-env-vars.asciidoc[] -:standalone!: +include::./metricbeat-filtering.asciidoc[] :autodiscoverJolokia: :autodiscoverHints: @@ -81,12 +67,12 @@ include::{libbeat-dir}/shared-env-vars.asciidoc[] include::{libbeat-dir}/shared-autodiscover.asciidoc[] :autodiscoverAWSEC2!: -:standalone: -include::{libbeat-dir}/yaml.asciidoc[] -:standalone!: +include::{libbeat-dir}/queueconfig.asciidoc[] -include::{libbeat-dir}/regexp.asciidoc[] +include::{libbeat-dir}/loggingconfig.asciidoc[] include::{libbeat-dir}/http-endpoint.asciidoc[] +include::{libbeat-dir}/regexp.asciidoc[] + include::{libbeat-dir}/reference-yml.asciidoc[] diff --git a/metricbeat/docs/gettingstarted.asciidoc b/metricbeat/docs/gettingstarted.asciidoc index db1c9fe3365..d185dd69d64 100644 --- a/metricbeat/docs/gettingstarted.asciidoc +++ b/metricbeat/docs/gettingstarted.asciidoc @@ -1,5 +1,9 @@ [id="{beatname_lc}-getting-started"] -== Getting started with {beatname_uc} +== Get started with {beatname_uc} + +++++ +Get started +++++ {beatname_uc} helps you monitor your servers and the services they host by collecting metrics from the operating system and services. diff --git a/metricbeat/docs/howto/howto.asciidoc b/metricbeat/docs/howto/howto.asciidoc new file mode 100644 index 00000000000..2e9cacbb06b --- /dev/null +++ b/metricbeat/docs/howto/howto.asciidoc @@ -0,0 +1,29 @@ +[[howto-guides]] += How to + +[partintro] +-- +Learn how to perform common {beatname_uc} configuration tasks. + +* <<{beatname_lc}-geoip>> +* <> +* <> +* <> + + +-- + +include::{libbeat-dir}/shared-geoip.asciidoc[] + +:standalone: +include::{libbeat-dir}/shared-env-vars.asciidoc[] +:standalone!: + +include::{libbeat-dir}/shared-config-ingest.asciidoc[] + +:standalone: +include::{libbeat-dir}/yaml.asciidoc[] +:standalone!: + + + diff --git a/metricbeat/docs/index.asciidoc b/metricbeat/docs/index.asciidoc index 3b0ce152be2..088cc570c1f 100644 --- a/metricbeat/docs/index.asciidoc +++ b/metricbeat/docs/index.asciidoc @@ -46,6 +46,8 @@ include::./how-metricbeat-works.asciidoc[] include::./configuring-howto.asciidoc[] +include::{docdir}/howto/howto.asciidoc[] + include::{libbeat-dir}/shared-central-management.asciidoc[] include::./modules.asciidoc[] diff --git a/metricbeat/docs/metricbeat-filtering.asciidoc b/metricbeat/docs/metricbeat-filtering.asciidoc index b518823375b..c7ea4c353c5 100644 --- a/metricbeat/docs/metricbeat-filtering.asciidoc +++ b/metricbeat/docs/metricbeat-filtering.asciidoc @@ -1,5 +1,9 @@ [[filtering-and-enhancing-data]] -== Filter and enhance the exported data +== Filter and enhance data with processors + +++++ +Processors +++++ include::{libbeat-dir}/processors.asciidoc[] diff --git a/metricbeat/docs/metricbeat-general-options.asciidoc b/metricbeat/docs/metricbeat-general-options.asciidoc index 3c3ce834b0e..2e637863728 100644 --- a/metricbeat/docs/metricbeat-general-options.asciidoc +++ b/metricbeat/docs/metricbeat-general-options.asciidoc @@ -1,5 +1,9 @@ [[configuration-general-options]] -== Specify general settings +== Configure general settings + +++++ +General settings +++++ You can specify settings in the +{beatname_lc}.yml+ config file to control the general behavior of {beatname_uc}. This includes: diff --git a/metricbeat/docs/metricbeat-options.asciidoc b/metricbeat/docs/metricbeat-options.asciidoc index 8c26d32efe0..0d3e5f99afd 100644 --- a/metricbeat/docs/metricbeat-options.asciidoc +++ b/metricbeat/docs/metricbeat-options.asciidoc @@ -1,5 +1,9 @@ [[configuration-metricbeat]] -== Specify which modules to run +== Configure modules + +++++ +Modules +++++ Metricbeat provides a couple different ways to enable modules and metricsets: diff --git a/metricbeat/docs/reload-configuration.asciidoc b/metricbeat/docs/reload-configuration.asciidoc index 49fedc9271e..2c467a823cf 100644 --- a/metricbeat/docs/reload-configuration.asciidoc +++ b/metricbeat/docs/reload-configuration.asciidoc @@ -1,6 +1,10 @@ [[metricbeat-configuration-reloading]] == Load external configuration files +++++ +Config file loading +++++ + Metricbeat can load external configuration files for modules, which allows you to separate your configuration into multiple smaller configuration files. To use this, you specify the `path` option under `metricbeat.config.modules` in the diff --git a/metricbeat/docs/setting-up-running.asciidoc b/metricbeat/docs/setting-up-running.asciidoc index 9ae0014d472..305d802fa11 100644 --- a/metricbeat/docs/setting-up-running.asciidoc +++ b/metricbeat/docs/setting-up-running.asciidoc @@ -5,7 +5,11 @@ ///// [[setting-up-and-running]] -== Setting up and running {beatname_uc} +== Set up and run {beatname_uc} + +++++ +Set up and run +++++ Before reading this section, see the <<{beatname_lc}-getting-started,getting started documentation>> for basic diff --git a/metricbeat/docs/troubleshooting.asciidoc b/metricbeat/docs/troubleshooting.asciidoc index 07ed381f908..823ad0d3357 100644 --- a/metricbeat/docs/troubleshooting.asciidoc +++ b/metricbeat/docs/troubleshooting.asciidoc @@ -1,5 +1,5 @@ [[troubleshooting]] -= Troubleshooting += Troubleshoot [partintro] -- diff --git a/metricbeat/docs/upgrading.asciidoc b/metricbeat/docs/upgrading.asciidoc index c01990be8c8..5a01b443ae8 100644 --- a/metricbeat/docs/upgrading.asciidoc +++ b/metricbeat/docs/upgrading.asciidoc @@ -1,7 +1,7 @@ [[upgrading-metricbeat]] -== Upgrading Metricbeat +== Upgrade Metricbeat For information about upgrading to a new version, see the following topics in the _Beats Platform Reference_: * {beats-ref}/breaking-changes.html[Breaking Changes] -* {beats-ref}/upgrading.html[Upgrading] +* {beats-ref}/upgrading.html[Upgrade] diff --git a/packetbeat/docs/configuring-howto.asciidoc b/packetbeat/docs/configuring-howto.asciidoc index 0ac11ad1b70..3ce8ef2c339 100644 --- a/packetbeat/docs/configuring-howto.asciidoc +++ b/packetbeat/docs/configuring-howto.asciidoc @@ -1,8 +1,12 @@ [[configuring-howto-packetbeat]] -= Configuring Packetbeat += Configure {beatname_uc} [partintro] -- +++++ +Configure +++++ + Before modifying configuration settings, make sure you've completed the <> in the Getting Started. This section describes some common use cases for changing configuration options. @@ -19,25 +23,21 @@ _Beats Platform Reference_ for more about the structure of the config file. The following topics describe how to configure Packetbeat: -* <> * <> * <> * <> * <> -* <> +* <> +* <> * <> -* <> * <> -* <> -* <> -* <<{beatname_lc}-geoip>> -* <> +* <> +* <> * <> * <> -* <> +* <> +* <> * <> -* <> -* <> * <> * <<{beatname_lc}-reference-yml>> @@ -47,35 +47,21 @@ include::./packetbeat-options.asciidoc[] include::./packetbeat-general-options.asciidoc[] -include::{libbeat-dir}/queueconfig.asciidoc[] +include::{libbeat-dir}/shared-path-config.asciidoc[] include::{libbeat-dir}/outputconfig.asciidoc[] -include::{libbeat-dir}/shared-ilm.asciidoc[] - include::{libbeat-dir}/shared-ssl-config.asciidoc[] -include::./packetbeat-filtering.asciidoc[] - -include::{libbeat-dir}/shared-config-ingest.asciidoc[] - -include::{libbeat-dir}/shared-geoip.asciidoc[] - -include::{libbeat-dir}/shared-path-config.asciidoc[] - -include::{libbeat-dir}/shared-kibana-config.asciidoc[] +include::{libbeat-dir}/shared-ilm.asciidoc[] include::{libbeat-dir}/setup-config.asciidoc[] -include::{libbeat-dir}/loggingconfig.asciidoc[] +include::./packetbeat-filtering.asciidoc[] -:standalone: -include::{libbeat-dir}/shared-env-vars.asciidoc[] -:standalone!: +include::{libbeat-dir}/queueconfig.asciidoc[] -:standalone: -include::{libbeat-dir}/yaml.asciidoc[] -:standalone!: +include::{libbeat-dir}/loggingconfig.asciidoc[] include::{libbeat-dir}/http-endpoint.asciidoc[] diff --git a/packetbeat/docs/gettingstarted.asciidoc b/packetbeat/docs/gettingstarted.asciidoc index a00f7737a63..1c27b08e62e 100644 --- a/packetbeat/docs/gettingstarted.asciidoc +++ b/packetbeat/docs/gettingstarted.asciidoc @@ -1,5 +1,9 @@ [[packetbeat-getting-started]] -== Getting started with Packetbeat +== Get started with {beatname_uc} + +++++ +Get started +++++ The best way to understand the value of a network packet analytics system like Packetbeat is to try it on your own traffic. diff --git a/packetbeat/docs/howto/howto.asciidoc b/packetbeat/docs/howto/howto.asciidoc new file mode 100644 index 00000000000..01c81fee594 --- /dev/null +++ b/packetbeat/docs/howto/howto.asciidoc @@ -0,0 +1,36 @@ +[[howto-guides]] += How to + +[partintro] +-- +Learn how to perform common {beatname_uc} configuration tasks. + +* <<{beatname_lc}-geoip>> +* <> +* <> +* <> + + +-- + +[role="xpack"] +include::{libbeat-dir}/shared-geoip.asciidoc[] + +:standalone: +[role="xpack"] +include::{libbeat-dir}/shared-env-vars.asciidoc[] +:standalone!: + +[role="xpack"] +include::{libbeat-dir}/shared-config-ingest.asciidoc[] + +:standalone: +:allplatforms: +[role="xpack"] +include::{libbeat-dir}/yaml.asciidoc[] +:standalone!: +:allplatforms!: + + + + diff --git a/packetbeat/docs/index.asciidoc b/packetbeat/docs/index.asciidoc index 149fed09afb..c3c3a280241 100644 --- a/packetbeat/docs/index.asciidoc +++ b/packetbeat/docs/index.asciidoc @@ -41,6 +41,8 @@ include::./upgrading.asciidoc[] include::./configuring-howto.asciidoc[] +include::{docdir}/howto/howto.asciidoc[] + include::./fields.asciidoc[] include::{libbeat-dir}/monitoring/monitoring-beats.asciidoc[] diff --git a/packetbeat/docs/packetbeat-filtering.asciidoc b/packetbeat/docs/packetbeat-filtering.asciidoc index 50dad2d8430..3ac4d31f7c9 100644 --- a/packetbeat/docs/packetbeat-filtering.asciidoc +++ b/packetbeat/docs/packetbeat-filtering.asciidoc @@ -1,5 +1,9 @@ [[filtering-and-enhancing-data]] -== Filter and enhance the exported data +== Filter and enhance data with processors + +++++ +Processors +++++ include::{libbeat-dir}/processors.asciidoc[] diff --git a/packetbeat/docs/packetbeat-general-options.asciidoc b/packetbeat/docs/packetbeat-general-options.asciidoc index 2013d3103ee..d1a6c1b9750 100644 --- a/packetbeat/docs/packetbeat-general-options.asciidoc +++ b/packetbeat/docs/packetbeat-general-options.asciidoc @@ -1,5 +1,9 @@ [[configuration-general-options]] -== Specify general settings +== Configure general settings + +++++ +General settings +++++ You can specify settings in the +{beatname_lc}.yml+ config file to control the general behavior of {beatname_uc}. diff --git a/packetbeat/docs/packetbeat-options.asciidoc b/packetbeat/docs/packetbeat-options.asciidoc index 4855cbb773f..490e49f3ed7 100644 --- a/packetbeat/docs/packetbeat-options.asciidoc +++ b/packetbeat/docs/packetbeat-options.asciidoc @@ -1,5 +1,11 @@ [[configuration-interfaces]] -== Set traffic capturing options +== Configure traffic capturing options + +//TODO: Break this file down into multiple source files (one for each html page) + +++++ +Traffic sniffing +++++ There are two main ways of deploying Packetbeat: @@ -266,7 +272,11 @@ see the following published transactions (when `ignore_outgoing` is true): [[configuration-flows]] -== Set up flows to monitor network traffic +== Configure flows to monitor network traffic + +++++ +Network flows +++++ You can configure Packetbeat to collect and report statistics on network flows. A _flow_ is a group of packets sent over the same time period that share @@ -422,7 +432,11 @@ If this option is set to true, fields with `null` values will be published in the output document. By default, `keep_null` is set to `false`. [[configuration-protocols]] -== Specify which transaction protocols to monitor +== Configure which transaction protocols to monitor + +++++ +Protocols +++++ The `packetbeat.protocols` section of the +{beatname_lc}.yml+ config file contains configuration options for each supported protocol, including common @@ -1480,7 +1494,11 @@ allows to use request pipelining while at the same time limiting the amount of memory consumed by replication sessions. [[configuration-processes]] -== Specify which processes to monitor +== Configure which processes to monitor + +++++ +Processes +++++ This section of the +{beatname_lc}.yml+ config file is optional, but configuring the processes enables Packetbeat to show you not only the servers that the diff --git a/packetbeat/docs/setting-up-running.asciidoc b/packetbeat/docs/setting-up-running.asciidoc index 8ec02a23fbd..9808c01bc7f 100644 --- a/packetbeat/docs/setting-up-running.asciidoc +++ b/packetbeat/docs/setting-up-running.asciidoc @@ -5,7 +5,11 @@ ///// [[setting-up-and-running]] -== Setting up and running {beatname_uc} +== Set up and run {beatname_uc} + +++++ +Set up and run +++++ Before reading this section, see the <<{beatname_lc}-getting-started,getting started documentation>> for basic diff --git a/packetbeat/docs/troubleshooting.asciidoc b/packetbeat/docs/troubleshooting.asciidoc index 738d9ad8d0d..f6a3fb23be3 100644 --- a/packetbeat/docs/troubleshooting.asciidoc +++ b/packetbeat/docs/troubleshooting.asciidoc @@ -1,5 +1,5 @@ [[troubleshooting]] -= Troubleshooting += Troubleshoot [partintro] -- diff --git a/packetbeat/docs/upgrading.asciidoc b/packetbeat/docs/upgrading.asciidoc index c837383af27..f7fd8010f34 100644 --- a/packetbeat/docs/upgrading.asciidoc +++ b/packetbeat/docs/upgrading.asciidoc @@ -1,7 +1,7 @@ [[upgrading-packetbeat]] -== Upgrading Packetbeat +== Upgrade Packetbeat For information about upgrading to a new version, see the following topics in the _Beats Platform Reference_: * {beats-ref}/breaking-changes.html[Breaking Changes] -* {beats-ref}/upgrading.html[Upgrading] +* {beats-ref}/upgrading.html[Upgrade] diff --git a/packetbeat/docs/visualizing-data-packetbeat.asciidoc b/packetbeat/docs/visualizing-data-packetbeat.asciidoc index 18659f0b019..12b34aced1b 100644 --- a/packetbeat/docs/visualizing-data-packetbeat.asciidoc +++ b/packetbeat/docs/visualizing-data-packetbeat.asciidoc @@ -1,5 +1,5 @@ [[visualizing-data-packetbeat]] -= Visualizing Packetbeat data in Kibana += Visualize Packetbeat data in Kibana [partintro] -- diff --git a/winlogbeat/docs/configuring-howto.asciidoc b/winlogbeat/docs/configuring-howto.asciidoc index 445d5150e0b..dc622427b48 100644 --- a/winlogbeat/docs/configuring-howto.asciidoc +++ b/winlogbeat/docs/configuring-howto.asciidoc @@ -1,8 +1,12 @@ [[configuring-howto-winlogbeat]] -= Configuring Winlogbeat += Configure {beatname_uc} [partintro] -- +++++ +Configure +++++ + Before modifying configuration settings, make sure you've completed the <> in the Getting Started. This section describes some common use cases for changing configuration options. @@ -19,20 +23,16 @@ The following topics describe how to configure Winlogbeat: * <> * <> -* <> +* <> * <> -* <> * <> -* <> -* <> -* <<{beatname_lc}-geoip>> -* <> +* <> +* <> * <> * <> -* <> +* <> +* <> * <> -* <> -* <> * <> * <<{beatname_lc}-reference-yml>> @@ -42,35 +42,21 @@ include::./winlogbeat-options.asciidoc[] include::./winlogbeat-general-options.asciidoc[] -include::{libbeat-dir}/queueconfig.asciidoc[] +include::{libbeat-dir}/shared-path-config.asciidoc[] include::{libbeat-dir}/outputconfig.asciidoc[] -include::{libbeat-dir}/shared-ilm.asciidoc[] - include::{libbeat-dir}/shared-ssl-config.asciidoc[] -include::./winlogbeat-filtering.asciidoc[] - -include::{libbeat-dir}/shared-config-ingest.asciidoc[] - -include::{libbeat-dir}/shared-geoip.asciidoc[] - -include::{libbeat-dir}/shared-path-config.asciidoc[] - -include::{libbeat-dir}/shared-kibana-config.asciidoc[] +include::{libbeat-dir}/shared-ilm.asciidoc[] include::{libbeat-dir}/setup-config.asciidoc[] -include::{libbeat-dir}/loggingconfig.asciidoc[] +include::./winlogbeat-filtering.asciidoc[] -:standalone: -include::{libbeat-dir}/shared-env-vars.asciidoc[] -:standalone!: +include::{libbeat-dir}/queueconfig.asciidoc[] -:standalone: -include::{libbeat-dir}/yaml.asciidoc[] -:standalone!: +include::{libbeat-dir}/loggingconfig.asciidoc[] include::{libbeat-dir}/http-endpoint.asciidoc[] diff --git a/winlogbeat/docs/getting-started.asciidoc b/winlogbeat/docs/getting-started.asciidoc index 22e403bd390..4ccb1f6e02d 100644 --- a/winlogbeat/docs/getting-started.asciidoc +++ b/winlogbeat/docs/getting-started.asciidoc @@ -1,5 +1,9 @@ [[winlogbeat-getting-started]] -== Getting Started With Winlogbeat +== Get started with {beatname_uc} + +++++ +Get started +++++ include::{libbeat-dir}/shared-getting-started-intro.asciidoc[] @@ -15,7 +19,7 @@ include::{libbeat-dir}/shared-getting-started-intro.asciidoc[] === Step 1: Install Winlogbeat *Before you begin*: If you haven't installed the {stack}, do that now. See -{stack-gs}/get-started-elastic-stack.html[Getting started with the {stack}]. +{stack-gs}/get-started-elastic-stack.html[Get started with the {stack}]. . Download the Winlogbeat zip file from the https://www.elastic.co/downloads/beats/winlogbeat[downloads page]. diff --git a/winlogbeat/docs/howto/howto.asciidoc b/winlogbeat/docs/howto/howto.asciidoc new file mode 100644 index 00000000000..2e9cacbb06b --- /dev/null +++ b/winlogbeat/docs/howto/howto.asciidoc @@ -0,0 +1,29 @@ +[[howto-guides]] += How to + +[partintro] +-- +Learn how to perform common {beatname_uc} configuration tasks. + +* <<{beatname_lc}-geoip>> +* <> +* <> +* <> + + +-- + +include::{libbeat-dir}/shared-geoip.asciidoc[] + +:standalone: +include::{libbeat-dir}/shared-env-vars.asciidoc[] +:standalone!: + +include::{libbeat-dir}/shared-config-ingest.asciidoc[] + +:standalone: +include::{libbeat-dir}/yaml.asciidoc[] +:standalone!: + + + diff --git a/winlogbeat/docs/index.asciidoc b/winlogbeat/docs/index.asciidoc index e09c75ec313..6f4f6836e65 100644 --- a/winlogbeat/docs/index.asciidoc +++ b/winlogbeat/docs/index.asciidoc @@ -34,6 +34,8 @@ include::./upgrading.asciidoc[] include::./configuring-howto.asciidoc[] +include::{docdir}/howto/howto.asciidoc[] + include::./modules.asciidoc[] include::./fields.asciidoc[] diff --git a/winlogbeat/docs/setting-up-running.asciidoc b/winlogbeat/docs/setting-up-running.asciidoc index 4ca55ed9bee..e227c9a8457 100644 --- a/winlogbeat/docs/setting-up-running.asciidoc +++ b/winlogbeat/docs/setting-up-running.asciidoc @@ -5,7 +5,11 @@ ///// [[setting-up-and-running]] -== Setting up and running {beatname_uc} +== Set up and run {beatname_uc} + +++++ +Set up and run +++++ Before reading this section, see the <<{beatname_lc}-getting-started,getting started documentation>> for basic diff --git a/winlogbeat/docs/troubleshooting.asciidoc b/winlogbeat/docs/troubleshooting.asciidoc index cfab0a586e1..bc9f7dddacc 100644 --- a/winlogbeat/docs/troubleshooting.asciidoc +++ b/winlogbeat/docs/troubleshooting.asciidoc @@ -1,5 +1,5 @@ [[troubleshooting]] -= Troubleshooting += Troubleshoot [partintro] -- diff --git a/winlogbeat/docs/upgrading.asciidoc b/winlogbeat/docs/upgrading.asciidoc index 789c57c7170..3101f90f252 100644 --- a/winlogbeat/docs/upgrading.asciidoc +++ b/winlogbeat/docs/upgrading.asciidoc @@ -1,7 +1,11 @@ [[upgrading-winlogbeat]] -== Upgrading Winlogbeat +== Upgrade Winlogbeat + +++++ +Upgrade +++++ For information about upgrading to a new version, see the following topics in the _Beats Platform Reference_: * {beats-ref}/breaking-changes.html[Breaking Changes] -* {beats-ref}/upgrading.html[Upgrading] +* {beats-ref}/upgrading.html[Upgrade] diff --git a/winlogbeat/docs/winlogbeat-filtering.asciidoc b/winlogbeat/docs/winlogbeat-filtering.asciidoc index f9302db3db6..5bda1daf4da 100644 --- a/winlogbeat/docs/winlogbeat-filtering.asciidoc +++ b/winlogbeat/docs/winlogbeat-filtering.asciidoc @@ -1,5 +1,9 @@ [[filtering-and-enhancing-data]] -== Filter and Enhance the exported data +== Filter and enhance data with processors + +++++ +Processors +++++ include::{libbeat-dir}/processors.asciidoc[] diff --git a/winlogbeat/docs/winlogbeat-general-options.asciidoc b/winlogbeat/docs/winlogbeat-general-options.asciidoc index 6fb7ba164e9..7aec17cd609 100644 --- a/winlogbeat/docs/winlogbeat-general-options.asciidoc +++ b/winlogbeat/docs/winlogbeat-general-options.asciidoc @@ -1,5 +1,9 @@ [[configuration-general-options]] -== Specify general settings +== Configure general settings + +++++ +General settings +++++ You can specify settings in the +{beatname_lc}.yml+ config file to control the general behavior of {beatname_uc}. diff --git a/winlogbeat/docs/winlogbeat-options.asciidoc b/winlogbeat/docs/winlogbeat-options.asciidoc index 098c873406c..88cb61a553f 100644 --- a/winlogbeat/docs/winlogbeat-options.asciidoc +++ b/winlogbeat/docs/winlogbeat-options.asciidoc @@ -2,9 +2,13 @@ supporting the Windows Event Log API (Microsoft Windows Vista and newer). [[configuration-winlogbeat-options]] -== Set up Winlogbeat +== Configure {beatname_uc} -The `winlogbeat` section of the +{beatname_lc}.yml+ config file specifies all options that are specific to Winlogbeat. +++++ +{beatname_uc} +++++ + +The `winlogbeat` section of the +{beatname_lc}.yml+ config file specifies all options that are specific to {beatname_uc}. Most importantly, it contains the list of event logs to monitor. Here is a sample configuration: @@ -26,7 +30,7 @@ You can specify the following options in the `winlogbeat` section of the +{beatn [float] ==== `registry_file` -The name of the file where Winlogbeat stores information that it uses to resume +The name of the file where {beatname_uc} stores information that it uses to resume monitoring after a restart. By default the file is stored as `.winlogbeat.yml` in the directory where the Beat was started. When you run the process as a Windows service, it's recommended that you set the value to @@ -46,7 +50,7 @@ need to escape them. ==== `shutdown_timeout` The amount of time to wait for all events to be published when shutting down. -By default there is no shutdown timeout so Winlogbeat will stop without waiting. +By default there is no shutdown timeout so {beatname_uc} will stop without waiting. When you restart it will resume from the last successfully published event in each event log. @@ -83,7 +87,7 @@ The maximum number of event log records to read from the Windows API in a single batch. The default batch size is 100. Most Windows versions return an error if the value is larger than 1024. *{vista_and_newer}* -Winlogbeat starts a goroutine (a lightweight thread) to read from each +{beatname_uc} starts a goroutine (a lightweight thread) to read from each individual event log. The goroutine reads a batch of event log records using the Windows API, applies any processors to the events, publishes them to the configured outputs, and waits for an acknowledgement from the outputs before @@ -157,7 +161,7 @@ winlogbeat.event_logs: [float] ==== `event_logs.ignore_older` -If this option is specified, Winlogbeat filters events that are older than the +If this option is specified, {beatname_uc} filters events that are older than the specified amount of time. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". This option is useful when you are beginning to monitor an event log that contains older records that you would like to ignore. This field is @@ -177,8 +181,8 @@ A boolean flag to indicate that the log contains only events collected from remote hosts using the Windows Event Collector. The value defaults to true for the ForwardedEvents log and false for any other log. *{vista_and_newer}* -This settings allows Winlogbeat to optimize reads for forwarded events that are -already rendered. When the value is true Winlogbeat does not attempt to render +This settings allows {beatname_uc} to optimize reads for forwarded events that are +already rendered. When the value is true {beatname_uc} does not attempt to render the event using message files from the host computer. The Windows Event Collector subscription should be configured to use the "RenderedText" format (this is the default) to ensure that the events are distributed with messages @@ -202,9 +206,9 @@ winlogbeat.event_logs: [WARNING] ======================================= If you specify more that 22 event IDs to include or 22 event IDs to exclude, -Windows will prevent Winlogbeat from reading the event log because it limits the +Windows will prevent {beatname_uc} from reading the event log because it limits the number of conditions that can be used in an event log query. If this occurs a similar -warning as shown below will be logged by Winlogbeat, and it will continue +warning as shown below will be logged by {beatname_uc}, and it will continue processing data from other event logs. For more information, see https://support.microsoft.com/en-us/kb/970453. @@ -213,7 +217,7 @@ source. The specified query is invalid.` If you have more than 22 event IDs, you can workaround this Windows limitation by using a drop_event[drop-event] processor to do the filtering after -Winlogbeat has received the events from Windows. The filter shown below is +{beatname_uc} has received the events from Windows. The filter shown below is equivalent to `event_id: 903, 1024, 4624` but can be expanded beyond 22 event IDs. @@ -305,11 +309,11 @@ Microsoft-Windows-Eventlog ==== `event_logs.include_xml` Boolean option that controls if the raw XML representation of an event is -included in the data sent by Winlogbeat. The default is false. +included in the data sent by {beatname_uc}. The default is false. *{vista_and_newer}* The XML representation of the event is useful for troubleshooting purposes. The -data in the fields reported by Winlogbeat can be compared to the data in the XML +data in the fields reported by {beatname_uc} can be compared to the data in the XML to diagnose problems. Example: @@ -365,7 +369,7 @@ winlogbeat.event_logs: If this option is set to true, the custom <> are stored as top-level fields in the output document instead of being grouped under a `fields` sub-dictionary. If the custom field names conflict with other -field names added by Winlogbeat, then the custom fields overwrite the other +field names added by {beatname_uc}, then the custom fields overwrite the other fields. [float] @@ -400,7 +404,7 @@ the output document. By default, `keep_null` is set to `false`. The action that the event log reader should take when it receives a signal from Windows that there are no more events to read. It can either `wait` for more events to be written (the default behavior) or it can `stop`. The overall -Winlogbeat process will stop when all of the individual event log readers have +{beatname_uc} process will stop when all of the individual event log readers have stopped. *{vista_and_newer}* Setting `no_more_events` to `stop` is useful when reading from archived event diff --git a/x-pack/dockerlogbeat/docs/troubleshooting.asciidoc b/x-pack/dockerlogbeat/docs/troubleshooting.asciidoc index 478269ff6ec..b1218aba97d 100644 --- a/x-pack/dockerlogbeat/docs/troubleshooting.asciidoc +++ b/x-pack/dockerlogbeat/docs/troubleshooting.asciidoc @@ -1,6 +1,6 @@ [[log-driver-troubleshooting]] [role="xpack"] -== Troubleshooting +== Troubleshoot experimental[] diff --git a/x-pack/functionbeat/docs/config-options-aws.asciidoc b/x-pack/functionbeat/docs/config-options-aws.asciidoc index f0e7dcc05cf..fe2550c12d7 100644 --- a/x-pack/functionbeat/docs/config-options-aws.asciidoc +++ b/x-pack/functionbeat/docs/config-options-aws.asciidoc @@ -3,7 +3,7 @@ == Configure AWS functions ++++ -Configure AWS functions +AWS functions ++++ {beatname_uc} runs as a function in your serverless environment. diff --git a/x-pack/functionbeat/docs/config-options-gcp.asciidoc b/x-pack/functionbeat/docs/config-options-gcp.asciidoc index e81a1b8dc18..6ee6a1f21df 100644 --- a/x-pack/functionbeat/docs/config-options-gcp.asciidoc +++ b/x-pack/functionbeat/docs/config-options-gcp.asciidoc @@ -3,7 +3,7 @@ == Configure Google Functions ++++ -Configure Google functions +Google functions ++++ beta[] diff --git a/x-pack/functionbeat/docs/configuring-howto.asciidoc b/x-pack/functionbeat/docs/configuring-howto.asciidoc index 3667df76f45..03e3d777072 100644 --- a/x-pack/functionbeat/docs/configuring-howto.asciidoc +++ b/x-pack/functionbeat/docs/configuring-howto.asciidoc @@ -1,9 +1,13 @@ [id="configuring-howto-{beatname_lc}"] [role="xpack"] -= Configuring {beatname_uc} += Configure {beatname_uc} [partintro] -- +++++ +Configure +++++ + Before modifying configuration settings, make sure you've completed the <<{beatname_lc}-configuration,configuration steps>> in the Getting Started. This section describes some common use cases for changing configuration options. @@ -15,18 +19,13 @@ The following topics describe how to configure {beatname_uc}: * <> * <> * <> -* <> * <> -* <> * <> -* <> -* <> -* <<{beatname_lc}-geoip>> -* <> +* <> * <> +* <> +* <> * <> -* <> -* <> * <> * <<{beatname_lc}-reference-yml>> @@ -38,49 +37,29 @@ include::./config-options-gcp.asciidoc[] include::./general-options.asciidoc[] -:allplatforms: -[role="xpack"] -include::{libbeat-dir}/queueconfig.asciidoc[] -:allplatforms!: - [role="xpack"] include::{libbeat-dir}/outputconfig.asciidoc[] -[role="xpack"] -include::{libbeat-dir}/shared-ilm.asciidoc[] - [role="xpack"] include::{libbeat-dir}/shared-ssl-config.asciidoc[] -include::./filtering.asciidoc[] - -[role="xpack"] -include::{libbeat-dir}/shared-config-ingest.asciidoc[] - [role="xpack"] -include::{libbeat-dir}/shared-geoip.asciidoc[] - -[role="xpack"] -include::{libbeat-dir}/shared-kibana-config.asciidoc[] +include::{libbeat-dir}/shared-ilm.asciidoc[] [role="xpack"] include::{libbeat-dir}/setup-config.asciidoc[] [role="xpack"] -include::{libbeat-dir}/loggingconfig.asciidoc[] - -:standalone: -[role="xpack"] -include::{libbeat-dir}/shared-env-vars.asciidoc[] -:standalone!: +include::./filtering.asciidoc[] -:standalone: :allplatforms: [role="xpack"] -include::{libbeat-dir}/yaml.asciidoc[] -:standalone!: +include::{libbeat-dir}/queueconfig.asciidoc[] :allplatforms!: +[role="xpack"] +include::{libbeat-dir}/loggingconfig.asciidoc[] + [role="xpack"] include::{libbeat-dir}/regexp.asciidoc[] diff --git a/x-pack/functionbeat/docs/filtering.asciidoc b/x-pack/functionbeat/docs/filtering.asciidoc index 37f4ada3adb..c22366c0ee7 100644 --- a/x-pack/functionbeat/docs/filtering.asciidoc +++ b/x-pack/functionbeat/docs/filtering.asciidoc @@ -1,6 +1,10 @@ [[filtering-and-enhancing-data]] [role="xpack"] -== Filter and enhance the exported data +== Filter and enhance data with processors + +++++ +Processors +++++ Your use case might require only a subset of the data exported by {beatname_uc}, or you might need to enhance the exported data (for example, by adding diff --git a/x-pack/functionbeat/docs/general-options.asciidoc b/x-pack/functionbeat/docs/general-options.asciidoc index 91ef914c502..5b21951bcfd 100644 --- a/x-pack/functionbeat/docs/general-options.asciidoc +++ b/x-pack/functionbeat/docs/general-options.asciidoc @@ -1,6 +1,10 @@ [[configuration-general-options]] [role="xpack"] -== Specify general settings +== Configure general settings + +++++ +General settings +++++ You can specify settings in the +{beatname_lc}.yml+ config file to control the general behavior of {beatname_uc}. diff --git a/x-pack/functionbeat/docs/getting-started.asciidoc b/x-pack/functionbeat/docs/getting-started.asciidoc index 66b177fe7fb..b0264f694cc 100644 --- a/x-pack/functionbeat/docs/getting-started.asciidoc +++ b/x-pack/functionbeat/docs/getting-started.asciidoc @@ -1,6 +1,10 @@ [id="{beatname_lc}-getting-started"] [role="xpack"] -== Getting Started With {beatname_uc} +== Get started with {beatname_uc} + +++++ +Get started +++++ include::{libbeat-dir}/shared-getting-started-intro.asciidoc[] diff --git a/x-pack/functionbeat/docs/howto/howto.asciidoc b/x-pack/functionbeat/docs/howto/howto.asciidoc new file mode 100644 index 00000000000..4de57b1bda3 --- /dev/null +++ b/x-pack/functionbeat/docs/howto/howto.asciidoc @@ -0,0 +1,34 @@ +[[howto-guides]] +[role="xpack"] += How to + +[partintro] +-- +Learn how to perform common {beatname_uc} configuration tasks. + +* <<{beatname_lc}-geoip>> +* <> +* <> +* <> + + +-- + +[role="xpack"] +include::{libbeat-dir}/shared-geoip.asciidoc[] + +:standalone: +[role="xpack"] +include::{libbeat-dir}/shared-env-vars.asciidoc[] +:standalone!: + +[role="xpack"] +include::{libbeat-dir}/shared-config-ingest.asciidoc[] + +:standalone: +[role="xpack"] +include::{libbeat-dir}/yaml.asciidoc[] +:standalone!: + + + diff --git a/x-pack/functionbeat/docs/index.asciidoc b/x-pack/functionbeat/docs/index.asciidoc index c48b8eb4559..28283ffd77f 100644 --- a/x-pack/functionbeat/docs/index.asciidoc +++ b/x-pack/functionbeat/docs/index.asciidoc @@ -44,6 +44,8 @@ include::./setting-up-running.asciidoc[] include::./configuring-howto.asciidoc[] +include::{docdir}/howto/howto.asciidoc[] + [role="xpack"] include::./fields.asciidoc[] diff --git a/x-pack/functionbeat/docs/setting-up-running.asciidoc b/x-pack/functionbeat/docs/setting-up-running.asciidoc index 7a0ba0f5ea8..878cacf3d3f 100644 --- a/x-pack/functionbeat/docs/setting-up-running.asciidoc +++ b/x-pack/functionbeat/docs/setting-up-running.asciidoc @@ -6,7 +6,11 @@ [[setting-up-and-running]] [role="xpack"] -== Setting up and deploying {beatname_uc} +== Set up and deploy {beatname_uc} + +++++ +Set up and deploy +++++ Before reading this section, see the <<{beatname_lc}-getting-started,getting started documentation>> for basic diff --git a/x-pack/functionbeat/docs/troubleshooting.asciidoc b/x-pack/functionbeat/docs/troubleshooting.asciidoc index b67c2dee6b7..b18a37a2fe1 100644 --- a/x-pack/functionbeat/docs/troubleshooting.asciidoc +++ b/x-pack/functionbeat/docs/troubleshooting.asciidoc @@ -1,6 +1,6 @@ [[troubleshooting]] [role="xpack"] -= Troubleshooting += Troubleshoot [partintro] --