What a good speaker, explanations were clear and concise.

one of the greatest presentations I have seen. BRAVO

I thought this was great, Until you missed that Nicholas Cage was Ghost Rider in a 2007 movie. (Or did you block that out because it was so bad?)

Really great and detailed presentation. Very nice...

Excelente! Não só explicou muito bem, mas também explicou o que era fundamental. Grande aula.

can you please make a video on filebeat-cloudfoundry to logastash video

Very great talk thank you!

Hi Team, Can you please let me know how filebeat decides that under which Index , the particular document should go in Elastic Search. I am not able to find this answer.

How to define path in filebeat yml if i want to read data (realtime csv file) from another machine in network?

If we add new changes every time need to run filebeat setup?

Hi Does filebeat work for Logstash as output?

... Hoping there is similar AuditBeat, PacketBeat, MetricBeat, WinLogBeat videos... if YES, please update the video text with links to them

with heroes 04 ... you pulled the config into a separate filebeats.yml file. this imply you will run 2 processes, or can you pull this into the main file, with this file still going to it's own idex/pipeline, and the other /var/log/*.log's index... just thinking, you might have multiple files in the same directory, and you want each to go into it's own index, some single line, some multi line, some structured etc, ... expanding on this... i might want to have a single filebeat.yml processing running, but push each source log onto it's own kafka topic, to be then pushed via a Kafka Connector to it's own index.

... with one filebeat process running,I see we can specify the topic, based on a "when" clause, and I noticed to you can include a kafka message key (helping make sure all messages for a key (maybe message per file) is in same order on a topic (localised to a partition), question, in a scenario where I say don't want to use a kafka key, can I then split the output to different topics (or even indexes) based on the originating input file,

question, when shipping via kafka, how can you execute the kibana configuration, thinking you might have a setup where the sources (*beats) then only have access to the kafka brokers and not the elasticsearch or Kibana server.

Question: I have several fortinet firewalls, and I want to create a single filebeat server with several indexes, one index for each fortigate device, how do I do this type of configuration?

How can I have access to the sample logs?

a technical question, the prospector's look for new files, is this based on name or a inode.. as with file rotation todays file is compressed and renamed tonight and a new file is then created with the same name, which implies the registry entry needs to be reset to line 0.

how would you control filebeat to ship the log/data from the current timestamp or the day prior? is there an option to control this? or in other words, whenever I stop and restart the filebeat it should take the current timestamp or a predefined config value like day - 1 or so to parse and ship it and not the entire file. is it possible?

Can I download slides from somewhere?

... for structured events, if the start and end includes a event id, can they be associated with each other, in the current form of your example it plays to a batch process starting and ending, not to many transactions that can end being interlaced ?

Bravo thanks. But I have question Please which software do you use for making courses

Thank you for the explanations.

Awesome presentation. Thank you

hhehee, apologies for all the questions, noticed you also on a MAC, noticed you not doing a sudo on each command, did you change the ownership, allowing filebeat to operate, or did you do a sudo su - when were not lookin, as when you created new files you also never modified permissions.

adding to the structured event, #1 you want to extract the main start and end as a event, what if the main "loop" include sub loops that you want to show thenself. thin a large batch starting with a start and end, but inside the large batch you have multiple looping processes that you want to show as they cycle, (and not wait for the main batch start/end ) to complete.

Thank you :)

Amazing content!!! Great instructor!! Congrats!!!

A nice, concise presentation. Thanks