Step by step
Before you begin, you’ll need:
- Filebeat 7 installed
- Port 5015 open.
- Root access
Download the Logz.io public certificate to your credentials server
For HTTPS shipping, download the Logz.io public certificate to your certificate authority folder.
sudo curl https://raw.githubusercontent.com/logzio/public-certificates/master/AAACertificateServices.crt --create-dirs -o /etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt
Find Apache Storm log location
Run the following command to find your Apache Storm logs directory:
ps -o args= -C java | grep -Po -- '-Dstorm.log.dir=\K[^\s]+'
Add Apache Storm as an input
In the Filebeat configuration file (/etc/filebeat/filebeat.yml), add Apache to the filebeat.inputs section.
<<LOG-SHIPPING-TOKEN>> with the token of the account you want to ship to. Replace
<<LOGS_DIRECTORY>> with the path to your Apache Storm logs directory mentioned in the step above.
# ... filebeat.inputs: - type: log paths: - <<LOGS_DIRECTORY>>/*.log - <<LOGS_DIRECTORY>>/workers-artifacts/*/*/*.log* exclude_files: ['.gz$'] fields: logzio_codec: plain # You can manage your tokens at # https://app.logz.io/#/dashboard/settings/manage-tokens/log-shipping token: <<LOG-SHIPPING-TOKEN>> type: apache_storm fields_under_root: true encoding: utf-8 ignore_older: 3h
If you’re running Filebeat 7, paste this code block. Otherwise, you can leave it out.
# For Filebeat 7 and higher filebeat.registry.path: /var/lib/filebeat # The following processors are to ensure compatibility with version 7 processors: - rename: fields: - from: "agent" to: "beat_agent" ignore_missing: true - rename: fields: - from: "log.file.path" to: "source" ignore_missing: true
Set Logz.io as the output
If Logz.io is not an output, add it now. Remove all other outputs.
<<LISTENER-HOST>> with the host for your region. For example,
listener.logz.io if your account is hosted on AWS US East, or
listener-nl.logz.io if hosted on Azure West Europe.
# ... output.logstash: hosts: ["<<LISTENER-HOST>>:5015"] ssl: certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt']
Start or restart Filebeat for the changes to take effect.
Check Logz.io for your logs
Give your logs some time to get from your system to ours, and then open Kibana. You can search for
type:apache_storm to filter for your Apache Storm logs.
If you still don’t see your logs, see log shipping troubleshooting.