veza/ansible/roles/filebeat/readme.md

# Mandatory variables
Define the elastic repository version that will determine the version of filebeat:
```
elastic_major_version: "7.x"
```
Define the list of logstash endpoint where to send the logs:
Define the output for the logs, it can be either elasticsearch or logstash:
```
filebeat_output_elasticsearch_hosts:
  - host1
  - host2
```
or
```
filebeat_output_logstash_hosts:
  - host1
  - host2
```
If you use elasticsearch, the connection will use https and use the login/password of the server to authenticate itself.
You can change the protocol to http with:
```
filebeat_output_elasticsearch_protocol: "http"
```
# Optional variables
You can disable this filebeat role by setting this variable :
```yaml
filebeat_install: false
```

By default, filebeat will send the system logs to the index `logs-infra-system` and the other logs to `logs-{{ talas_project }}-{{ talas_group }}`.

Sometime, you want to send _all_ logs (even for the system), to the `logs-{{ talas_project }}-{{ talas_group }}` index.

If this is the case, you need to set this variable to false:
```
filebeat_separate_system_logs: false
```

You can define the loglevel of filebeat, the default is `warning`, possible values are error, warning, info, debug:
```
filebeat_logging_level: "warning"
```
# Modules
The `system` module is always enabled.

This role will automatically detect the installation of the following software and enable the correct modules:
- apache httpd
- elasticsearch
- haproxy
- kibana
- logstash

You can add more module by creating this list:
```
filebeat_modules_list:
  - system
```
You can see the list of modules with `filebeat modules list`.

# Update

You can perform an update of filebeat by adding: `--extra-vars '{ "filebeat_update" : true }'`
BASE: completing the initial repo state 2025-12-03 21:56:50 +00:00			`# Mandatory variables`
			`Define the elastic repository version that will determine the version of filebeat:`
			```
			`elastic_major_version: "7.x"`
			```
			`Define the list of logstash endpoint where to send the logs:`
			`Define the output for the logs, it can be either elasticsearch or logstash:`
			```
			`filebeat_output_elasticsearch_hosts:`
			`- host1`
			`- host2`
			```
			`or`
			```
			`filebeat_output_logstash_hosts:`
			`- host1`
			`- host2`
			```
			`If you use elasticsearch, the connection will use https and use the login/password of the server to authenticate itself.`
			`You can change the protocol to http with:`
			```
			`filebeat_output_elasticsearch_protocol: "http"`
			```
			`# Optional variables`
			`You can disable this filebeat role by setting this variable :`
			```yaml
			`filebeat_install: false`
			```

			By default, filebeat will send the system logs to the index `logs-infra-system` and the other logs to `logs-{{ talas_project }}-{{ talas_group }}`.

			Sometime, you want to send _all_ logs (even for the system), to the `logs-{{ talas_project }}-{{ talas_group }}` index.

			`If this is the case, you need to set this variable to false:`
			```
			`filebeat_separate_system_logs: false`
			```

			You can define the loglevel of filebeat, the default is `warning`, possible values are error, warning, info, debug:
			```
			`filebeat_logging_level: "warning"`
			```
			`# Modules`
			The `system` module is always enabled.

			`This role will automatically detect the installation of the following software and enable the correct modules:`
			`- apache httpd`
			`- elasticsearch`
			`- haproxy`
			`- kibana`
			`- logstash`

			`You can add more module by creating this list:`
			```
			`filebeat_modules_list:`
			`- system`
			```
			You can see the list of modules with `filebeat modules list`.

			`# Update`

			You can perform an update of filebeat by adding: `--extra-vars '{ "filebeat_update" : true }'`