filebeat.env.example

# filebeat parameters used for monitoring log files containing network traffic metadata
#   (see https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-log.html)
FILEBEAT_SCAN_FREQUENCY=10s
FILEBEAT_CLEAN_INACTIVE=180m
FILEBEAT_IGNORE_OLDER=120m
FILEBEAT_CLOSE_INACTIVE=120s
FILEBEAT_CLOSE_INACTIVE_LIVE=90m
FILEBEAT_CLOSE_RENAMED=true
FILEBEAT_CLOSE_REMOVED=true
FILEBEAT_CLOSE_EOF=true
FILEBEAT_CLEAN_REMOVED=true
# The age (in minutes) at which already-processed log files containing network traffic metadata should
#   be pruned from the filesystem
LOG_CLEANUP_MINUTES=360
# The age (in minutes) at which the compressed archives containing already-processed log files should
#   be pruned from the filesystem
ZIP_CLEANUP_MINUTES=720
# Whether or not to use polling vs. native inotify API to watch for files
FILEBEAT_WATCHER_POLLING=false
# When polling, seconds of inactivity to assume a file is closed and ready for processing
FILEBEAT_WATCHER_POLLING_ASSUME_CLOSED_SEC=10
# Whether or not to expose a filebeat TCP input listener (see
#    https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-tcp.html)
FILEBEAT_TCP_LISTEN=false
# Log format expected for events sent to the filebeat TCP input listener ('json' or 'raw')
FILEBEAT_TCP_LOG_FORMAT=json
# Source field name to parse (when FILEBEAT_TCP_LOG_FORMAT is 'json') for events sent to the
#    filebeat TCP input listener
FILEBEAT_TCP_PARSE_SOURCE_FIELD=message
# Target field name to store decoded JSON fields (when FILEBEAT_TCP_LOG_FORMAT is 'json') for
#    events sent to the filebeat TCP input listener
FILEBEAT_TCP_PARSE_TARGET_FIELD=miscbeat
# Name of field to drop (if it exists) in events sent to the filebeat TCP input listener
FILEBEAT_TCP_PARSE_DROP_FIELD=message
# Tag to append to events sent to the filebeat TCP input listener
FILEBEAT_TCP_TAG=_malcolm_beats
# Number of processes dedicated to preparing files for ingestion into filebeat
FILEBEAT_PREPARE_PROCESS_COUNT=1