[Docs] Add module usage info #7826
Conversation
docs/static/modules.asciidoc
Outdated
|
|
||
| Logstash modules provide a quick way to get started using Logstash. | ||
|
|
||
| Each module comes pre-packaged with configurations, Kibana dashboards, and |
There was a problem hiding this comment.
Should we explicitly say Logstash configurations?
| === Running modules | ||
|
|
||
| When you run a module, Logstash creates and loads the pipeline configurations | ||
| required to read and parse the data. It also loads the index pattern, |
There was a problem hiding this comment.
index pattern and field mappings will be directly on ES, should we also make that explicit?
There was a problem hiding this comment.
My inclination is to keep this statement simple here. If we start seeing questions about this on the forum, we can clarify.
docs/static/modules.asciidoc
Outdated
| ---- | ||
|
|
||
|
|
||
| //REVIEWERS: Can users run multiple modules like they can in Filebeat? This topic assumes "no" but I haven't tested it yet. |
There was a problem hiding this comment.
not yet, in the future we should be able to with multiple pipelines
There was a problem hiding this comment.
Not yet in 5.6. We need to change this in 6.0
docs/static/modules.asciidoc
Outdated
| bin/logstash --modules netflow | ||
| ---- | ||
|
|
||
| The following command runs the Netflow module and overrides the `host` setting: |
There was a problem hiding this comment.
we should stay elasticsearch host
docs/static/modules.asciidoc
Outdated
| [[configuring-logstash-modules]] | ||
| === Configuring modules | ||
|
|
||
| //REVIEWERS: How will users know when the defaults are OK and when they need to change the config? |
There was a problem hiding this comment.
they will have to look at the default values
docs/static/modules.asciidoc
Outdated
|
|
||
| The following command runs the Netflow module and sets the `tcp.port` to `5606`: | ||
|
|
||
| //REVIEWERS: It would be better here to show an example that overrides multiple settings. Any suggestions for a realistic example? |
There was a problem hiding this comment.
this is one from the arcsight module
bin/logstash --modules arcsight -M “arcsight.var.inputs=eventbroker, smartconnector” -M “arcsight.var.input.smartconnector.port=5052”
There was a problem hiding this comment.
and +1 on showing one that overrides multiple
There was a problem hiding this comment.
For netflow, it can be:
bin/logstash --modules netflow -M "netflow.var.input.udp.port=3555" -M "netflow.var.elasticseach.host=my-es-cloud"
|
@dedemorton left some comments, but looks great thank you. |
docs/static/modules.asciidoc
Outdated
| [[logstash-modules]] | ||
| == Working with Logstash Modules | ||
|
|
||
| Logstash modules provide a quick way to get started using Logstash. |
There was a problem hiding this comment.
I think we should say something along the lines of "Logstash modules provide a quick, end-to-end solution for ingesting data and visualizing it with purpose-built dashboards."
I guess my point here is that it's more than just an easy way to get started using LS. It also gets the users all the way to using Kibana and ES.
docs/static/modules.asciidoc
Outdated
| ---- | ||
|
|
||
|
|
||
| //REVIEWERS: Can users run multiple modules like they can in Filebeat? This topic assumes "no" but I haven't tested it yet. |
There was a problem hiding this comment.
Not yet in 5.6. We need to change this in 6.0
docs/static/modules.asciidoc
Outdated
| ---- | ||
|
|
||
|
|
||
| //REVIEWERS: I'm mentioning the overrides here because I've had some feedback from Tanya about making it clear in the docs that the var overrides are available. Figured this is relevant for LS too. |
docs/static/modules.asciidoc
Outdated
|
|
||
| The following command runs the Netflow module and sets the `tcp.port` to `5606`: | ||
|
|
||
| //REVIEWERS: It would be better here to show an example that overrides multiple settings. Any suggestions for a realistic example? |
There was a problem hiding this comment.
For netflow, it can be:
bin/logstash --modules netflow -M "netflow.var.input.udp.port=3555" -M "netflow.var.elasticseach.host=my-es-cloud"
|
|
||
| [source,shell] | ||
| ---- | ||
| bin/logstash --modules netflow -M "netflow.var.elasticsearch.host=es.mycloud.com" |
There was a problem hiding this comment.
@suyograo missed this one initially, but this should be plural "hosts" right? and its also missing the port?
| ---- | ||
| modules: | ||
| - name: netflow | ||
| var.output.elasticsearch.host: "es.mycloud.com" |
There was a problem hiding this comment.
@suyograo same here as the comment above...
| var.output.elasticsearch.host: "es.mycloud.com" | ||
| var.output.elasticsearch.user: "foo" | ||
| var.output.elasticsearch.password: "password" | ||
| var.input.tcp.port: 5606 |
There was a problem hiding this comment.
@suyograo also, does netflow has a tcp setting? i thought it was udp.
|
|
||
| [source,shell] | ||
| ---- | ||
| bin/logstash --modules netflow -M "netflow.var.input.udp.port=3555" -M "netflow.var.elasticseach.host=my-es-cloud" |
There was a problem hiding this comment.
@suyograo same comment here as above.
No description provided.