diff --git a/auditbeat/docs/modules.asciidoc b/auditbeat/docs/modules.asciidoc index 061557bfd97c..d94daa75bad1 100644 --- a/auditbeat/docs/modules.asciidoc +++ b/auditbeat/docs/modules.asciidoc @@ -7,9 +7,4 @@ This section contains detailed information about the metric collecting modules contained in {beatname_uc}. More details about each module can be found under the links below. -//pass macro block used here to remove Edit links from modules documentation because it is generated -pass::[] include::modules_list.asciidoc[] - - - diff --git a/filebeat/docs/autodiscover-hints.asciidoc b/filebeat/docs/autodiscover-hints.asciidoc index a49a8abd055e..afeb48328dd1 100644 --- a/filebeat/docs/autodiscover-hints.asciidoc +++ b/filebeat/docs/autodiscover-hints.asciidoc @@ -40,18 +40,18 @@ Instead of using raw `docker` input, specifies the module to use to parse logs f When module is configured, map container logs to module filesets. You can either configure a single fileset like this: -["source","yaml",subs="attributes"] -------------------------------------------------------------------------------------- +[source,yaml] +----- co.elastic.logs/fileset: access -------------------------------------------------------------------------------------- +----- Or configure a fileset per stream in the container (stdout and stderr): -["source","yaml",subs="attributes"] -------------------------------------------------------------------------------------- +[source,yaml] +----- co.elastic.logs/fileset.stdout: access co.elastic.logs/fileset.stderr: error -------------------------------------------------------------------------------------- +----- [float] ===== `co.elastic.logs/raw` @@ -59,10 +59,10 @@ When an entire input/module configuration needs to be completely set the `raw` h stringified JSON of the input configuration. `raw` overrides every other hint and can be used to create bot a single or a list of configurations. -["source","yaml",subs="attributes"] -------------------------------------------------------------------------------------- +[source,yaml] +----- co.elastic.logs/raw: "[{\"containers\":{\"ids\":[\"${data.container.id}\"]},\"multiline\":{\"negate\":\"true\",\"pattern\":\"^test\"},\"type\":\"docker\"}]" -------------------------------------------------------------------------------------- +----- [float] ===== `co.elastic.logs/processors` @@ -73,11 +73,11 @@ of supported processors. In order to provide ordering of the processor definition, numbers can be provided. If not, the hints builder will do arbitrary ordering: -["source","yaml"] -------------------------------------------------------------------------------------- +[source,yaml] +----- co.elastic.logs/processors.1.dissect.tokenizer: "%{key1} %{key2}" co.elastic.logs/processors.dissect.tokenizer: "%{key2} %{key1}" -------------------------------------------------------------------------------------- +----- In the above sample the processor definition tagged with `1` would be executed first. @@ -86,23 +86,23 @@ In the above sample the processor definition tagged with `1` would be executed f Kubernetes autodiscover provider supports hints in Pod annotations. To enable it just set `hints.enabled`: -["source","yaml",subs="attributes"] -------------------------------------------------------------------------------------- +[source,yaml] +----- filebeat.autodiscover: providers: - type: kubernetes hints.enabled: true -------------------------------------------------------------------------------------- +----- You can annotate Kubernetes Pods with useful info to spin up {beatname_uc} inputs or modules: -["source","yaml",subs="attributes"] -------------------------------------------------------------------------------------- +[source,yaml] +----- annotations: co.elastic.logs/multiline.pattern: '^\[' co.elastic.logs/multiline.negate: true co.elastic.logs/multiline.match: after -------------------------------------------------------------------------------------- +----- [float] @@ -113,14 +113,14 @@ hint. For example, these hints configure multiline settings for all containers i specific `exclude_lines` hint for the container called `sidecar`. -["source","yaml",subs="attributes"] -------------------------------------------------------------------------------------- +[source,yaml] +----- annotations: co.elastic.logs/multiline.pattern: '^\[' co.elastic.logs/multiline.negate: true co.elastic.logs/multiline.match: after co.elastic.logs.sidecar/exclude_lines: '^DBG' -------------------------------------------------------------------------------------- +----- @@ -129,22 +129,22 @@ annotations: Docker autodiscover provider supports hints in labels. To enable it just set `hints.enabled`: -["source","yaml",subs="attributes"] -------------------------------------------------------------------------------------- +[source,yaml] +----- filebeat.autodiscover: providers: - type: docker hints.enabled: true -------------------------------------------------------------------------------------- +----- You can label Docker containers with useful info to spin up {beatname_uc} inputs, for example: -["source","yaml",subs="attributes"] -------------------------------------------------------------------------------------- +[source,yaml] +----- co.elastic.logs/module: nginx co.elastic.logs/fileset.stdout: access co.elastic.logs/fileset.stderr: error -------------------------------------------------------------------------------------- +----- The above labels configure {beatname_uc} to use the Nginx module to harvest logs for this container. Access logs will be retrieved from stdout stream, and error logs from stderr. diff --git a/filebeat/docs/filebeat-general-options.asciidoc b/filebeat/docs/filebeat-general-options.asciidoc index 947eb27f67a4..df3491a06994 100644 --- a/filebeat/docs/filebeat-general-options.asciidoc +++ b/filebeat/docs/filebeat-general-options.asciidoc @@ -53,7 +53,7 @@ filebeat.registry_file_permissions: 0600 [float] ==== `config_dir` -deprecated[6.0.0, Use <> instead.] +deprecated:[6.0.0, Use <> instead.] The full path to the directory that contains additional input configuration files. Each configuration file must end with `.yml`. Each config file must also specify the full Filebeat diff --git a/filebeat/docs/inputs/input-redis.asciidoc b/filebeat/docs/inputs/input-redis.asciidoc index 05d3f9ec2075..20ba132c6c77 100644 --- a/filebeat/docs/inputs/input-redis.asciidoc +++ b/filebeat/docs/inputs/input-redis.asciidoc @@ -18,7 +18,7 @@ Example configuration: {beatname_lc}.inputs: - type: redis hosts: ["localhost:6379"] - password: "$\{redis_pwd\}" + password: "${redis_pwd}" ---- diff --git a/filebeat/docs/modules.asciidoc b/filebeat/docs/modules.asciidoc index 0a1a2111fc8b..efe3f1724895 100644 --- a/filebeat/docs/modules.asciidoc +++ b/filebeat/docs/modules.asciidoc @@ -9,6 +9,4 @@ modules. Filebeat modules require Elasticsearch 5.2 or later. -//pass macro block used here to remove Edit links from modules documentation because it is generated -pass::[] include::modules_list.asciidoc[] diff --git a/filebeat/docs/modules/osquery.asciidoc b/filebeat/docs/modules/osquery.asciidoc index 0b317c3ea461..b06c232c010b 100644 --- a/filebeat/docs/modules/osquery.asciidoc +++ b/filebeat/docs/modules/osquery.asciidoc @@ -57,6 +57,8 @@ To specify the same settings at the command line, you use: -M "osquery.result.var.paths=[/path/to/osqueryd.results.log*]" ----- +//set the fileset name used in the included example +:fileset_ex: result include::../include/config-option-intro.asciidoc[] [float] diff --git a/filebeat/module/osquery/_meta/docs.asciidoc b/filebeat/module/osquery/_meta/docs.asciidoc index 8f00e7039ac3..b8601be91749 100644 --- a/filebeat/module/osquery/_meta/docs.asciidoc +++ b/filebeat/module/osquery/_meta/docs.asciidoc @@ -52,6 +52,8 @@ To specify the same settings at the command line, you use: -M "osquery.result.var.paths=[/path/to/osqueryd.results.log*]" ----- +//set the fileset name used in the included example +:fileset_ex: result include::../include/config-option-intro.asciidoc[] [float] diff --git a/heartbeat/docs/heartbeat-options.asciidoc b/heartbeat/docs/heartbeat-options.asciidoc index b6aa9bfa7bac..9576f42c4968 100644 --- a/heartbeat/docs/heartbeat-options.asciidoc +++ b/heartbeat/docs/heartbeat-options.asciidoc @@ -1,8 +1,8 @@ [[configuration-heartbeat-options]] -== Set up monitors +== Set up {beatname_uc} monitors ++++ -Set up Heartbeat monitors +Set up monitors ++++ The `heartbeat.monitors` section of the +heartbeat.yml+ config file specifies diff --git a/libbeat/docs/config-file-format.asciidoc b/libbeat/docs/config-file-format.asciidoc index efbfb34aad8f..edb900c40a18 100644 --- a/libbeat/docs/config-file-format.asciidoc +++ b/libbeat/docs/config-file-format.asciidoc @@ -12,27 +12,27 @@ have the same indentation level. Dictionaries are represented by simple `key: value` pairs all having the same indentation level. The colon after `key` must be followed by a space. -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- +[source,yaml] +----- name: John Doe age: 34 country: Canada ------------------------------------------------------------------------------- +----- Lists are introduced by dashes `- `. All list members will be lines beginning with `- ` at the same indentation level. -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- +[source,yaml] +----- - Red - Green - Blue ------------------------------------------------------------------------------- +----- Lists and dictionaries are used in beats to build structured configurations. -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- +[source,yaml] +----- filebeat: inputs: - type: log @@ -41,16 +41,16 @@ filebeat: multiline: pattern: '^[' match: after ------------------------------------------------------------------------------- +----- Lists and dictionaries can also be represented in abbreviated form. Abbreviated form is somewhat similar to JSON using `{}` for dictionaries and `[]` for lists: -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- -person: \{name: "John Doe", age: 34, country: "Canada"} +[source,yaml] +----- +person: {name: "John Doe", age: 34, country: "Canada"} colors: ["Red", "Green", "Blue"] ------------------------------------------------------------------------------- +----- The following topics provide more detail to help you understand and work with config files in YAML: @@ -73,13 +73,12 @@ file. For example this setting: ["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- - +----- output: elasticsearch: index: 'beat-%{[beat.version]}-%{+yyyy.MM.dd}' ------------------------------------------------------------------------------- +----- gets collapsed into `output.elasticsearch.index: 'beat-%{[beat.version]}-%{+yyyy.MM.dd}'`. The full name of a setting is based on all parent structures involved. @@ -88,14 +87,12 @@ Lists create numeric names starting with 0. For example this filebeat setting: -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- - +[source,yaml] +----- filebeat: inputs: - type: log - ------------------------------------------------------------------------------- +----- Gets collapsed into `filebeat.inputs.0.type: log`. @@ -106,9 +103,8 @@ Note: having two settings with same fully collapsed path is invalid. Simple filebeat example with partially collapsed setting names and use of compact form: -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- - +[source,yaml] +----- filebeat.inputs: - type: log paths: ["/var/log/*.log"] @@ -116,8 +112,7 @@ filebeat.inputs: multiline.match: after output.elasticsearch.hosts: ["http://localhost:9200"] - ------------------------------------------------------------------------------- +----- [[config-file-format-type]] === Config file data types @@ -131,23 +126,23 @@ string is given when a number is required - the beat will fail to start up. Boolean values can be either `true` or `false`. Alternative names for `true` are `yes` and `on`. Instead of `false` the values `no` and `off` can be used. -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- +[source,yaml] +----- enabled: true disabled: false ------------------------------------------------------------------------------- +----- ==== Number Number values require you to enter the number to use without using single or double quotes. Some settings only support a restricted number range though. -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- +[source,yaml] +----- integer: 123 negative: -1 float: 5.4 ------------------------------------------------------------------------------- +----- ==== String @@ -174,12 +169,12 @@ Durations require a numeric value with optional fraction and required unit. Valid time units are `ns`, `us`, `ms`, `s`, `m`, `h`. Sometimes features based on durations can be disabled by using zero or negative durations. -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- +[source,yaml] +----- duration1: 2.5s duration2: 6h duration_disabled: -1s ------------------------------------------------------------------------------- +----- ==== Regular expression @@ -203,12 +198,12 @@ You can also format time stored in the `@timestamp` field using the `+FORMAT` syntax where FORMAT is a valid https://godoc.org/github.com/elastic/beats/libbeat/common/dtfmt[time format]. -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- +[source,yaml] +----- constant-format-string: 'constant string' field-format-string: '%{[fieldname]} string' format-string-with-date: '%{[fieldname]}-%{+yyyy.MM.dd}' ------------------------------------------------------------------------------- +----- [[config-file-format-env-vars]] @@ -226,23 +221,23 @@ referenced to. For example the filebeat registry file defaults to: -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- -filebeat.registry: $\{path.data}/registry ------------------------------------------------------------------------------- +[source,yaml] +----- +filebeat.registry: ${path.data}/registry +----- With `path.data` being an implicit config setting, that is overridable from command line, as well as in the configuration file. Example referencing `es.host` in `output.elasticsearch.hosts`: -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- -es.host: '$\{ES_HOST:localhost}' +[source,yaml] +----- +es.host: '${ES_HOST:localhost}' output.elasticsearch: - hosts: ['http://$\{es.host}:9200'] ------------------------------------------------------------------------------- + hosts: ['http://${es.host}:9200'] +----- Introducing `es.host`, the host can be overwritten from command line using `-E es.host=another-host`. @@ -252,8 +247,8 @@ references or strings can reference complete namespaces. These setting with duplicate content: -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- +[source,yaml] +----- namespace1: subnamespace: host: localhost @@ -263,20 +258,20 @@ namespace2: subnamespace: host: localhost sleep: 1s ------------------------------------------------------------------------------- +----- can be rewritten to -["source","yaml",subs="attributes"] ------------------------------------------------------------------------------- -namespace1: $\{shared} -namespace2: $\{shared} +[source,yaml] +----- +namespace1: ${shared} +namespace2: ${shared} shared: subnamespace: host: localhost sleep: 1s ------------------------------------------------------------------------------- +----- when using plain references. @@ -299,21 +294,21 @@ file is owned by `root` and has file permissions of `0644` (`-rw-r--r--`). You may encounter the following errors if your config file fails these checks: -["source","sh"] --------------------------------------------------------------------------------- +[source,sh] +----- Exiting: error loading config file: config file ("{beatname}.yml") must be owned by the beat user (uid=501) or root --------------------------------------------------------------------------------- +----- To correct this problem you can use either `chown root {beatname}.yml` or `chown 501 {beatname}.yml` to change the owner of the configuration file. -["source","sh"] --------------------------------------------------------------------------------- +[source,sh] +----- Exiting: error loading config file: config file ("{beatname}.yml") can only be writable by the owner but the permissions are "-rw-rw-r--" (to fix the permissions use: 'chmod go-w /etc/{beatname}/{beatname}.yml') --------------------------------------------------------------------------------- +----- To correct this problem, use `chmod go-w /etc/{beatname}/{beatname}.yml` to remove write privileges from anyone other than the owner. @@ -343,27 +338,27 @@ dictionary. For example, given the following configuration: -["source","yaml"] --------------------------------------------------------------------------------- +[source,yaml] +----- output.elasticsearch: hosts: ["http://localhost:9200"] username: username password: password --------------------------------------------------------------------------------- +----- You can disable the Elasticsearch output and write all events to the console by setting: -["source","sh"] --------------------------------------------------------------------------------- +[source,sh] +----- -E output='{elasticsearch.enabled: false, console.pretty: true}' --------------------------------------------------------------------------------- +----- Any complex objects that you specify at the command line are merged with the original configuration, and the following configuration is passed to the Beat: -["source","yaml"] --------------------------------------------------------------------------------- +[source,yaml] +----- output.elasticsearch: enabled: false hosts: ["http://localhost:9200"] @@ -372,7 +367,7 @@ output.elasticsearch: output.console: pretty: true --------------------------------------------------------------------------------- +----- [[config-file-format-tips]] diff --git a/libbeat/docs/outputconfig.asciidoc b/libbeat/docs/outputconfig.asciidoc index d20a76a9c954..839bbe70c106 100644 --- a/libbeat/docs/outputconfig.asciidoc +++ b/libbeat/docs/outputconfig.asciidoc @@ -212,7 +212,7 @@ for more information about the environment variables. ===== `index` The index name to write events to. The default is -+"{beatname_lc}-%\{[beat.version]\}-%\{+yyyy.MM.dd\}"+ (for example, ++"{beatname_lc}-%{[beat.version]}-%{+yyyy.MM.dd}"+ (for example, +"{beatname_lc}-{version}-{localdate}"+). If you change this setting, you also need to configure the `setup.template.name` and `setup.template.pattern` options (see <>). If you are using the pre-built Kibana @@ -227,7 +227,7 @@ to set the index: ------------------------------------------------------------------------------ output.elasticsearch: hosts: ["http://localhost:9200"] - index: "%\{[fields.log_type]\}-%\{[beat.version]\}-%\{+yyyy.MM.dd}\" <1> + index: "%{[fields.log_type]}-%{[beat.version]}-%{+yyyy.MM.dd}" <1> ------------------------------------------------------------------------------ <1> We recommend including `beat.version` in the name to avoid mapping issues @@ -340,7 +340,7 @@ access any event field. For example, this configuration uses a custom field, ------------------------------------------------------------------------------ output.elasticsearch: hosts: ["http://localhost:9200"] - pipeline: "%\{[fields.log_type]\}_pipeline" + pipeline: "%{[fields.log_type]}_pipeline" ------------------------------------------------------------------------------ @@ -1144,19 +1144,19 @@ See <> for more information. ===== `host_topology` -deprecated[5.0.0] +deprecated:[5.0.0] The Redis host to connect to when using topology map support. Topology map support is disabled if this option is not set. ===== `password_topology` -deprecated[5.0.0] +deprecated:[5.0.0] The password to use for authenticating with the Redis topology server. The default is no authentication. ===== `db_topology` -deprecated[5.0.0] +deprecated:[5.0.0] The Redis database number where the topology information is stored. The default is 1. diff --git a/libbeat/docs/processors-using.asciidoc b/libbeat/docs/processors-using.asciidoc index 7417de28eea7..4def8dfea72c 100644 --- a/libbeat/docs/processors-using.asciidoc +++ b/libbeat/docs/processors-using.asciidoc @@ -68,7 +68,6 @@ collected by {beatname_uc}. * Under a specific {processor-scope}. The processor is applied to the data collected for that {processor-scope}. ifeval::["{beatname_lc}"=="filebeat"] -For example: + [source,yaml] ------ @@ -85,6 +84,7 @@ Similarly, for {beatname_uc} modules, you can define processors under the `input` section of the module definition. endif::[] ifeval::["{beatname_lc}"=="metricbeat"] ++ [source,yaml] ---- - module: @@ -97,7 +97,6 @@ ifeval::["{beatname_lc}"=="metricbeat"] ---- endif::[] ifeval::["{beatname_lc}"=="auditbeat"] -For example: + [source,yaml] ---- @@ -111,7 +110,6 @@ auditbeat.modules: ---- endif::[] ifeval::["{beatname_lc}"=="packetbeat"] -For example: + [source,yaml] ---- @@ -138,7 +136,6 @@ packetbeat.flows: ---- endif::[] ifeval::["{beatname_lc}"=="heartbeat"] -For example: + [source,yaml] ---- @@ -152,7 +149,6 @@ heartbeat.monitors: ---- endif::[] ifeval::["{beatname_lc}"=="winlogbeat"] -For example: + [source,yaml] ---- diff --git a/libbeat/docs/regexp.asciidoc b/libbeat/docs/regexp.asciidoc index 24fc6f1c2b0c..1e776bc2a422 100644 --- a/libbeat/docs/regexp.asciidoc +++ b/libbeat/docs/regexp.asciidoc @@ -110,7 +110,7 @@ The following patterns are supported: |`[[:blank:]]` |blank (same as `[\t ]`) |`[[:cntrl:]]` |control (same as `[\x00-\x1F\x7F]`) |`[[:digit:]]` |digits (same as `[0-9]`) -|`[[:graph:]]` |graphical (same as `[!-~] == [A-Za-z0-9!"#$%&'()*+,\-./:;<=>?@[\\\\]^_`` `{\|}~]`) +|`[[:graph:]]` |graphical (same as `[!-~] == [A-Za-z0-9!"#$%&'()*+,\-./:;<=>?@[\\\]^_`` `{\|}~]`) |`[[:lower:]]` |lower case (same as `[a-z]`) |`[[:print:]]` |printable (same as `[ -~] == [ [:graph:]]`) |`[[:punct:]]` |punctuation (same as ++[!-/:-@[-`{-~]++) diff --git a/libbeat/docs/template-config.asciidoc b/libbeat/docs/template-config.asciidoc index 0ab1c35681ee..6d8d9193fa37 100644 --- a/libbeat/docs/template-config.asciidoc +++ b/libbeat/docs/template-config.asciidoc @@ -24,18 +24,12 @@ you must <>. *`setup.template.name`*:: The name of the template. The default is +{beatname_lc}+. The {beatname_uc} version is always appended to the given -name, so the final name is +{beatname_lc}-%\{[beat.version]\}+. - -// Maintainers: a backslash character is required to escape curly braces and -// asterisks in inline code examples that contain asciidoc attributes. You'll -// note that a backslash does not appear before the asterisk -// in +{beatname_lc}-%\{[beat.version]\}-*+. This is intentional and formats -// the example as expected. +name, so the final name is +{beatname_lc}-%{[beat.version]}+. *`setup.template.pattern`*:: The template pattern to apply to the default index settings. The default pattern is +{beat_default_index_prefix}-\*+. The {beatname_uc} version is always included in the pattern, so the final pattern is -+{beat_default_index_prefix}-%\{[beat.version]\}-*+. The wildcard character `-*` is used to ++{beat_default_index_prefix}-%{[beat.version]}-*+. The wildcard character `-*` is used to match all daily indices. + Example: diff --git a/metricbeat/docs/modules.asciidoc b/metricbeat/docs/modules.asciidoc index a4c3e798f3b9..ea572984ff3a 100644 --- a/metricbeat/docs/modules.asciidoc +++ b/metricbeat/docs/modules.asciidoc @@ -7,8 +7,6 @@ This section contains detailed information about the metric collecting modules contained in {beatname_uc}. Each module contains one or multiple metricsets. More details about each module can be found under the links below. -//pass macro block used here to remove Edit links from modules documentation because it is generated -pass::[] include::modules_list.asciidoc[] diff --git a/packetbeat/docs/faq.asciidoc b/packetbeat/docs/faq.asciidoc index 5ec3a3165951..366a77c832f8 100644 --- a/packetbeat/docs/faq.asciidoc +++ b/packetbeat/docs/faq.asciidoc @@ -17,9 +17,9 @@ The index template might not be loaded correctly. See <>. The interface needs to be set to promiscuous mode. Run the following command: ["source","sh",subs="attributes,callouts"] ----------------------------------------------------------------------- +---- ip link set promisc on ----------------------------------------------------------------------- +---- For example: `ip link set enp5s0f1 promisc on` @@ -42,14 +42,14 @@ For the list of devices shown here, you would configure Packetbeat to use device `4`: ["source","sh"] ----------------------------------------------------------------------- +---- PS C:\Users\vagrant\Desktop\packetbeat-1.2.0-windows> .\packetbeat.exe -devices 0: \Device\NPF_NdisWanBh (NdisWan Adapter) 1: \Device\NPF_NdisWanIp (NdisWan Adapter) 2: \Device\NPF_NdisWanIpv6 (NdisWan Adapter) 3: \Device\NPF_{DD72B02C-4E48-4924-8D0F-F80EA2755534} (Intel(R) PRO/1000 MT Desktop Adapter) 4: \Device\NPF_{77DFFCAF-1335-4B0D-AFD4-5A4685674FAA} (MS NDIS 6.0 LoopBack Driver) ----------------------------------------------------------------------- +---- [float] [[packetbeat-missing-transactions]]