- Journalbeat Reference for 6.5-7.15:
- Overview
- Get started
- Set up and run
- Configure
- Inputs
- General settings
- Project paths
- Output
- SSL
- Index lifecycle management (ILM)
- Elasticsearch index template
- Processors
- Define processors
- add_cloud_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_csv_fields
- decode_json_fields
- decompress_gzip_field
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- registered_domain
- rename
- script
- timestamp
- truncate_fields
- Internal queue
- Logging
- HTTP endpoint
- Regular expression support
- journalbeat.reference.yml
- How to guides
- Exported fields
- Monitor
- Secure
- Troubleshoot
This functionality is experimental and may be changed or removed completely in a
future release. Elastic will take a best effort approach to fix any issues, but
experimental features are not subject to the support SLA of official GA
features.
Debug
editDebug
editBy default, Journalbeat sends all its output to syslog. When you run Journalbeat in
the foreground, you can use the -e command line flag to redirect the output to
standard error instead. For example:
journalbeat -e
The default configuration file is journalbeat.yml (the location of the file varies by
platform). You can use a different configuration file by specifying the -c flag. For example:
journalbeat -e -c myjournalbeatconfig.yml
You can increase the verbosity of debug messages by enabling one or more debug
selectors. For example, to view the published transactions, you can start Journalbeat
with the publish selector like this:
journalbeat -e -d "publish"
If you want all the debugging output (fair warning, it’s quite a lot), you can
use *, like this:
journalbeat -e -d "*"
Was this helpful?
Thank you for your feedback.