Add changes from review

elastic · Nov 7, 2018 · 12149dc · 12149dc
1 parent 5f4c572
commit 12149dc
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 18 deletions.
diff --git a/journalbeat/docs/config-options.asciidoc b/journalbeat/docs/config-options.asciidoc
@@ -29,11 +29,11 @@ cases.
 
 [[monitor-multiple-journals]]
 .Example 1: Monitor multiple journals under the same directory
-This example configures {beatname_uc} to read from multiple journals that
-are stored under the same directory. {beatname_uc} merges all journals under the
-directory into a single journal and reads them. With `seek` set to `cursor`,
-{beatname_uc} starts reading at the beginning of the journal, but will continue
-reading where it left off after a reload or restart.
+This example configures {beatname_uc} to read from multiple journals that are
+stored under the same directory. {beatname_uc} merges all journals under the
+directory into a single event stream and reads the events. With `seek` set to
+`cursor`, {beatname_uc} starts reading at the beginning of the journal, but will
+continue reading at the last known position after a reload or restart.
 ["source","sh",subs="attributes"]
 ----
 {beatname_lc}.inputs:
@@ -82,23 +82,30 @@ journal files.
 A list of paths that will be crawled and fetched. Each path can be a directory
 path (to collect events from all journals in a directory), or a file path. If
 you specify a directory, {beatname_uc} merges all journals under the directory
-into a single journal and reads them. 
+into a single journal and reads them.
+
+If no paths are specified, {beatname_uc} reads from the default journal.
 
 [float]
 [id="{beatname_lc}-seek"]
 ==== `seek`
 
 The position to start reading the journal from. Valid settings are:
 
-* `head`: Starts reading at the beginning of the file.
-* `tail`: Starts reading at the end of the file.
+* `head`: Starts reading at the beginning of the file, even after a reload or
+restart.
+* `tail`: Starts reading at the end of the file, even after a reload or restart.
 * `cursor`: On first read, starts reading at the beginning of the file. After a
-reload or restart, continues reading where it left off.
+reload or restart, continues reading at the last known position.
 
 When specified under `paths`, the `seek` setting applies to all journals under
 the configured paths. When specified directly under the +{beatname_lc}+
 namespace, the setting applies to all journals read by {beatname_uc}.
 
+If you have old log files and want to skip lines, start {beatname_uc} with
+`seek: tail` specified. Then stop {beatname_uc}, set `seek: cursor`, and restart
+{beatname_uc}.
+
 [float]
 [id="{beatname_lc}-include-matches"]
 ==== `include_matches`

diff --git a/journalbeat/docs/getting-started.asciidoc b/journalbeat/docs/getting-started.asciidoc
@@ -74,8 +74,9 @@ endif::[]
 [id="{beatname_lc}-configuration"]
 === Step 2: Configure {beatname_uc}
 
-Before running {beatname_uc}, you need to specify the location of the systemd
-journal files and configure how you want the files to be read.
+Before running {beatname_uc}, you can specify the location of the systemd
+journal files and configure how you want the files to be read. If you accept the
+default configuration, {beatname_uc} reads from the local journal.
 
 include::../../libbeat/docs/shared-configuring.asciidoc[]
 
@@ -107,12 +108,15 @@ If no paths are specified, {beatname_uc} reads from the default journal.
 
 . Set the <<{beatname_lc}-seek,`seek`>> option to control the position where
 {beatname_uc} starts reading the journal. The available options are `head`,
-`tail`, and `cursor`. The default is `cursor`, which means that
-{beatname_uc} will continue reading where it left off after a reload or restart.
+`tail`, and `cursor`. The default is `cursor`, which means that on first read,
+{beatname_uc} starts reading at the beginning of the file, but continues reading
+at the last known position after a reload or restart. For more detail about
+the settings, see the reference docs for the
+<<{beatname_lc}-seek,`seek` option>>. 
 
 . (Optional) Set the <<{beatname_lc}-include-matches,`include_matches`>> option
 to filter entries in journald before collecting any log events. This reduces the
-number of fields that {beatname_uc} needs to process. For example, to fetch only
+number of events that {beatname_uc} needs to process. For example, to fetch only
 Redis events from a Docker container tagged as `redis`, use: 
 +
 ["source","sh",subs="attributes"]
@@ -163,17 +167,14 @@ sudo service {beatname_lc} start
 ["source","sh",subs="attributes"]
 ----------------------------------------------------------------------
 sudo chown root {beatname_lc}.yml <1>
-sudo ./{beatname_lc} -e -d "publish"
+sudo ./{beatname_lc} -e
 ----------------------------------------------------------------------
 <1> You'll be running {beatname_uc} as root, so you need to change ownership
 of the configuration file, or run {beatname_uc} with `--strict.perms=false`
 specified. See
 {libbeat}/config-file-permissions.html[Config File Ownership and Permissions]
 in the _Beats Platform Reference_.
 
-// REVIEWERS: Do you think it's better to show the run command with or without
-// -c journalbeat.yml included? I'm inclined to show it without. WDYT?
-
 {beatname_uc} is now ready to send journal events to the defined output.
 
 [[view-kibana-dashboards]]