Apache Storm is a free and open source distributed realtime computation system. This integration allows you to send logs from your Apache Storm server instances to your Logz.io account.
Step by step
Before you begin, you’ll need:
- Filebeat installed
- Port 5015 open.
- Root access
Download the Logz.io public certificate to your credentials server
For HTTPS shipping, download the Logz.io public certificate to your certificate authority folder.
sudo curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACertificateServices.crt --create-dirs -o /etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt
Find Apache Storm log location
Run the following command to find your Apache Storm logs directory:
ps -o args= -C java | grep -Po -- '-Dstorm.log.dir=\K[^\s]+'
Add Apache Storm as an input
In the Filebeat configuration file (/etc/filebeat/filebeat.yml), add Apache to the filebeat.inputs section.
Replace <<LOG-SHIPPING-TOKEN>>
with the token of the account you want to ship to. Replace <<LOGS_DIRECTORY>>
with the path to your Apache Storm logs directory mentioned in the step above.
# ...
filebeat.inputs:
- type: log
paths:
- <<LOGS_DIRECTORY>>/*.log
- <<LOGS_DIRECTORY>>/workers-artifacts/*/*/*.log*
exclude_files: ['.gz$']
fields:
logzio_codec: plain
# You can manage your tokens at
# https://app.logz.io/#/dashboard/settings/manage-tokens/log-shipping
token: <<LOG-SHIPPING-TOKEN>>
type: apache_storm
fields_under_root: true
encoding: utf-8
ignore_older: 3h
If you’re running Filebeat 7, paste this code block. Otherwise, you can leave it out.
# For Filebeat 7 and higher
filebeat.registry.path: /var/lib/filebeat
# The following processors are to ensure compatibility with version 7
processors:
- rename:
fields:
- from: "agent"
to: "beat_agent"
ignore_missing: true
- rename:
fields:
- from: "log.file.path"
to: "source"
ignore_missing: true
If you’re running Filebeat 8.1+, the type
of the filebeat.inputs
is filestream
instead of logs
:
filebeat.inputs:
- type: filestream
paths:
- /var/log/*.log
Set Logz.io as the output
If Logz.io is not an output, add it now. Remove all other outputs.
Replace <<LISTENER-HOST>>
with the host for your region. For example, listener.logz.io
if your account is hosted on AWS US East, or listener-nl.logz.io
if hosted on Azure West Europe.
# ...
output.logstash:
hosts: ["<<LISTENER-HOST>>:5015"]
ssl:
certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt']
Start Filebeat
Start or restart Filebeat for the changes to take effect.
Check Logz.io for your logs
Give your logs some time to get from your system to ours, and then open Kibana. You can search for type:apache_storm
to filter for your Apache Storm logs.
If you still don’t see your logs, see log shipping troubleshooting.