Re: Shipping Qlik logs to logstash and elastic - Qlik Community

Prabodh · ‎2020-10-13

The log format of Replicate and QEM are pretty consistent. We are shipping the logs to elastic search for long term storage, dashboarding and searchability. We are using filebeats to send these logs to logstash. Logstash sends the logs to elastic.

I want to check if Qlik has defined Filebeat config to read the logs. The default filebeat config is pretty straight forward, which we have already implemented. However, in some cases the log span over multiple lines and in some cases the tools log some header lines which can be ignored. Filebeat has capability to define multi-line logs and to ignore certain log files. Does Qlik or anyone else in the community have the configs defined to read the logs? It would be even better if Qlik has filebeat modules to parse these logs.

In addition to shipping the logs using filebeat, logstash helps in parsing the logs. Has Qlikor anyone else in the community defined GROK filters to parse the Replicate and QEM logs in logstash?

David_Fergen · ‎2020-10-14

Hey Pradobh,

I am sorry but unfortunately, we won't have any documentation for Filebeat configuration. But someone else in the community might have the configurations.

Let us know if you have any other questions!

Thanks,

David

Daniel1 · ‎2020-10-19

Hi, did you manage to find more about this? I also need to set up the process with filebeat. Are you waiting until logs are written to disk (8mb or 12 hours) and using them or are you pulling directly from QLogs db? I want to have alerting set up as soon as a server or task falls over but unsure where to start. Just starting the investigation now so any help is appreciated!

Shipping Qlik logs to logstash and elastic

Best Practices

Other