dedemorton · dedemorton · Nov 8, 2018 · Nov 1, 2018 · Nov 7, 2018 · Nov 8, 2018
diff --git a/journalbeat/docs/config-options.asciidoc b/journalbeat/docs/config-options.asciidoc
@@ -0,0 +1,124 @@
+[id="configuration-{beatname_lc}-options"]
+== Configure inputs
+
+++++
+<titleabbrev>Configure inputs</titleabbrev>
+++++
+
+By default, {beatname_uc} reads log events from the default systemd journals. To
+specify other journal files, set the <<{beatname_lc}-paths,`paths`>> option in
+the +{beatname_lc}.inputs+ section of the +{beatname_lc}.yml+ file. Each path
+can be a directory path (to collect events from all journals in a directory), or
+a file path. For example:
+
+["source","sh",subs="attributes"]
+----
+{beatname_lc}.inputs:
+- paths:
+  - "/dev/log"
+  - "/var/log/messages/my-journal-file.journal"
+----
+
+Within the configuration file, you can also specify options that control how
+{beatname_uc} reads the journal files and which fields are sent to the
+configured output. See <<{beatname_lc}-options>> for a list of available
+options.
+
+The following examples show how to configure {beatname_uc} for some common use
+cases.
+
+[[monitor-multiple-journals]]
+.Example 1: Monitor multiple journals under the same directory
+This example configures {beatname_uc} to read from multiple journals that
+are stored under the same directory. {beatname_uc} merges all journals under the
+directory into a single journal and reads them. With `seek` set to `cursor`,
+{beatname_uc} starts reading at the beginning of the journal, but will continue
+reading where it left off after a reload or restart.
+["source","sh",subs="attributes"]
+----
+{beatname_lc}.inputs:
+- paths: ["/path/to/journal/directory"]
+  seek: cursor
+----
+
+[[filter-using-field-names]]
+.Example 2: Fetch log events for Redis running on Docker (uses field names from systemd)
+This example configures {beatname_uc} to fetch log events for Redis running in a
+Docker container. The fields are matched using field names from the systemd
+journal.
+["source","sh",subs="attributes"]
+----
+{beatname_lc}.inputs:
+- paths: []
+  include_matches:
+    - "CONTAINER_TAG=redis"
+    - "_COMM=redis"
+----
+
+[[filter-using-translated-names]]
+.Example 3: Fetch log events for Redis running on Docker (uses translated field names)
+This example also configures {beatname_uc} to fetch log events for Redis running in a
+Docker container. However, in this example the fields are matched using the
+translated field names provided by {beatname_uc}.
+["source","sh",subs="attributes"]
+----
+{beatname_lc}.inputs:
+- paths: []
+  include_matches:
+    - "container.image.tag=redis"
+    - "process.name=redis"
+----
+
+[id="{beatname_lc}-options"]
+[float]
+=== Configuration options
+You can specify the following options to configure how {beatname_uc} reads the
+journal files.
+
+[float]
+[id="{beatname_lc}-paths"]
+==== `paths`
+
+A list of paths that will be crawled and fetched. Each path can be a directory
+path (to collect events from all journals in a directory), or a file path. If
+you specify a directory, {beatname_uc} merges all journals under the directory
+into a single journal and reads them. 
+
+[float]
+[id="{beatname_lc}-seek"]
+==== `seek`
+
+The position to start reading the journal from. Valid settings are:
+
+* `head`: Starts reading at the beginning of the file.
+* `tail`: Starts reading at the end of the file.
+* `cursor`: On first read, starts reading at the beginning of the file. After a
+reload or restart, continues reading where it left off.
+
+When specified under `paths`, the `seek` setting applies to all journals under
+the configured paths. When specified directly under the +{beatname_lc}+
+namespace, the setting applies to all journals read by {beatname_uc}.
+
+[float]
+[id="{beatname_lc}-include-matches"]
+==== `include_matches`
+
+A list of filter expressions used to match fields. The format of the expression
+is `field=value`. {beatname_uc} fetches all events that exactly match the
+expressions. Pattern matching is not supported.
+
+To reference fields, use one of the following:
+
+* The field name used by the systemd journal. For example,
+`CONTAINER_TAG=redis` (<<filter-using-field-names,see a full example>>).
+* The translated field name used by {beatname_uc}. For example,
+`container.image.tag=redis`
+(<<filter-using-translated-names,see a full example>>). {beatname_uc}
+does not translate all fields from the journal. For custom fields, use the name
+specified in the systemd journal.
+
+When specified under `paths`, the `include_matches` filter is applied to all
+journals under the configured paths. When specified directly under the
++{beatname_lc}+ namespace, the setting applies to all journals read by
+{beatname_uc}.
+
diff --git a/journalbeat/docs/configuring-howto.asciidoc b/journalbeat/docs/configuring-howto.asciidoc
@@ -0,0 +1,68 @@
+[id="configuring-howto-{beatname_lc}"]
+= Configuring {beatname_uc}
+
+[partintro]
+--
+
+Before modifying configuration settings, make sure you've completed the
+<<{beatname_lc}-configuration,configuration steps>> in the Getting Started.
+This section describes some common use cases for changing configuration options.
+
+include::../../libbeat/docs/shared-configuring.asciidoc[]
+
+The following topics describe how to configure {beatname_uc}:
+
+* <<configuration-{beatname_lc}-options>>
+* <<configuration-general-options>>
+* <<configuring-internal-queue>>
+* <<configuring-output>>
+* <<configuration-ssl>>
+* <<filtering-and-enhancing-data>>
+* <<configuring-ingest-node>>
+* <<configuration-path>>
+* <<setup-kibana-endpoint>>
+* <<configuration-template>>
+* <<configuration-logging>>
+* <<using-environ-vars>>
+* <<yaml-tips>>
+* <<regexp-support>>
+* <<http-endpoint>>
+* <<{beatname_lc}-reference-yml>>
+
+--
+
+include::./config-options.asciidoc[]
+
+include::./general-options.asciidoc[]
+
+include::../../libbeat/docs/queueconfig.asciidoc[]
+
+include::../../libbeat/docs/outputconfig.asciidoc[]
+
+include::../../libbeat/docs/shared-ssl-config.asciidoc[]
+
+include::./filtering.asciidoc[]
+
+include::../../libbeat/docs/shared-config-ingest.asciidoc[]
+
+include::../../libbeat/docs/shared-path-config.asciidoc[]
+
+include::../../libbeat/docs/shared-kibana-config.asciidoc[]
+
+include::../../libbeat/docs/setup-config.asciidoc[]
+
+include::../../libbeat/docs/loggingconfig.asciidoc[]
+
+:standalone:
+include::../../libbeat/docs/shared-env-vars.asciidoc[]
+:standalone!:
+
+:standalone:
+include::../../libbeat/docs/yaml.asciidoc[]
+:standalone!:
+
+include::../../libbeat/docs/regexp.asciidoc[]
+
+include::../../libbeat/docs/http-endpoint.asciidoc[]
+
+include::../../libbeat/docs/reference-yml.asciidoc[]
diff --git a/journalbeat/docs/faq.asciidoc b/journalbeat/docs/faq.asciidoc
@@ -0,0 +1,10 @@
+[[faq]]
+== Frequently asked questions
+
+This section contains frequently asked questions about {beatname_uc}. Also check
+out the https://discuss.elastic.co/c/beats/{beatname_lc}[{beatname_uc}
+discussion forum].
+
+include::../../libbeat/docs/faq-limit-bandwidth.asciidoc[]
+
+include::../../libbeat/docs/shared-faq.asciidoc[]