Filebeat.md.json 57 KB

  1. {
  2. "2eb051735c68badaf960d71b74cecbefa195bd6640571b4e2b7fec3a2b517d93": {
  3. "original": "# Integration with Filebeat\n\n> NOTE: The integration with Filebeat requires [Manticore Buddy](../Installation/Manticore_Buddy.md). If it doesn't work, make sure Buddy is installed.\n\n[Filebeat](https://www.elastic.co/beats/filebeat) is a lightweight shipper for forwarding and centralizing log data. Once installed as an agent, it monitors the log files or locations you specify, collects log events, and forwards them for indexing, usually to Elasticsearch or Logstash.\n\nNow, Manticore also supports the use of Filebeat as processing pipelines. This allows the collected and transformed data to be sent to Manticore just like to Elasticsearch. Currently, versions 7.17-9.2 are supported.\n\n## Filebeat configuration\n\nConfiguration varies depending on which version of Filebeat you're using.\n\n### Configuration for Filebeat 7.17, 8.0, 8.1\n\n> **Important**: Filebeat versions 7.17.0, 8.0.0, and 8.1.0 have a known issue with glibc 2.35+ (used in Ubuntu 22.04 and newer distributions). These versions may crash with \"Fatal glibc error: rseq registration failed\". To fix this, add the `seccomp` configuration as shown below.\n\nCODE_BLOCK_0\n\n**References**: [Issue #30576](https://github.com/elastic/beats/issues/30576), [PR #30620](https://github.com/elastic/beats/pull/30620)\n\n\n### Configuration for Filebeat 8.1 - 8.10\n\nFor versions 8.1 through 8.10, you need to add the `allow_older_versions` option:\n\nCODE_BLOCK_1\n\n### Configuration for Filebeat 8.11 - 8.19\n\nFrom version 8.11, output compression is enabled by default, so you must explicitly set `compression_level: 0` for compatibility with Manticore:\n\nCODE_BLOCK_2\n\n### Configuration for Filebeat 9.0+\n\nFilebeat 9.0 introduces a major architecture change, replacing the `log` input type with `filestream`. 
Starting from version 9.0, the default file identification method also changed to fingerprint, which requires files to be at least 1024 bytes ([see issue #44780](https://github.com/elastic/beats/issues/44780)). For Manticore compatibility with files of any size, you must disable fingerprinting.\n\nHere's the required configuration for Filebeat 9.0 and all later versions:\n\nCODE_BLOCK_3\n\n**Important notes for Filebeat 9.0+:**\n- The `type: filestream` input replaces the older `type: log`\n- The `prospector.scanner.fingerprint.enabled: false` setting is **required** to disable fingerprint-based file identification, ensuring reliable processing of files smaller than 1024 bytes\n- The `id` field is required for filestream inputs and must be unique\n\n## Filebeat results\n\nOnce you run Filebeat with this configuration, log data will be sent to Manticore and properly indexed. Here is the resulting schema of the table created by Manticore and an example of the inserted document:\n\nCODE_BLOCK_4\n\nCODE_BLOCK_5\n",
  4. "translations": {
  5. "chinese": "# \u4e0e Filebeat \u7684\u96c6\u6210\n\n> \u6ce8\u610f\uff1a\u4e0e Filebeat \u7684\u96c6\u6210\u9700\u8981 [Manticore Buddy](../Installation/Manticore_Buddy.md)\u3002\u5982\u679c\u65e0\u6cd5\u6b63\u5e38\u5de5\u4f5c\uff0c\u8bf7\u786e\u4fdd\u5df2\u5b89\u88c5 Buddy\u3002\n\n[Filebeat](https://www.elastic.co/beats/filebeat) \u662f\u4e00\u4e2a\u7528\u4e8e\u8f6c\u53d1\u548c\u96c6\u4e2d\u65e5\u5fd7\u6570\u636e\u7684\u8f7b\u91cf\u7ea7\u91c7\u96c6\u5668\u3002\u5b89\u88c5\u4e3a\u4ee3\u7406\u540e\uff0c\u5b83\u4f1a\u76d1\u63a7\u60a8\u6307\u5b9a\u7684\u65e5\u5fd7\u6587\u4ef6\u6216\u4f4d\u7f6e\uff0c\u6536\u96c6\u65e5\u5fd7\u4e8b\u4ef6\uff0c\u5e76\u8f6c\u53d1\u4ee5\u8fdb\u884c\u7d22\u5f15\uff0c\u901a\u5e38\u662f\u5230 Elasticsearch \u6216 Logstash\u3002\n\n\u73b0\u5728\uff0cManticore \u540c\u6837\u652f\u6301\u5c06 Filebeat \u7528\u4f5c\u5904\u7406\u7ba1\u9053\u3002\u8fd9\u5141\u8bb8\u5c06\u6536\u96c6\u5e76\u8f6c\u6362\u7684\u6570\u636e\u50cf\u53d1\u9001\u5230 Elasticsearch \u4e00\u6837\u53d1\u9001\u5230 Manticore\u3002\u76ee\u524d\u652f\u6301\u7248\u672c\u4e3a 7.17-9.2\u3002\n\n## Filebeat \u914d\u7f6e\n\n\u914d\u7f6e\u56e0\u60a8\u4f7f\u7528\u7684 Filebeat \u7248\u672c\u800c\u5f02\u3002\n\n### Filebeat 7.17\u30018.0\u30018.1 \u7684\u914d\u7f6e\n\n> **\u91cd\u8981**\uff1aFilebeat \u7248\u672c 7.17.0\u30018.0.0 \u548c 8.1.0 \u4e0e glibc 2.35+\uff08\u7528\u4e8e Ubuntu 22.04 \u53ca\u66f4\u9ad8\u7248\u672c\uff09\u5b58\u5728\u5df2\u77e5\u95ee\u9898\u3002\u8fd9\u4e9b\u7248\u672c\u53ef\u80fd\u4f1a\u56e0\u201cFatal glibc error: rseq registration failed\u201d\u800c\u5d29\u6e83\u3002\u4e3a\u89e3\u51b3\u6b64\u95ee\u9898\uff0c\u8bf7\u6309\u5982\u4e0b\u793a\u4f8b\u6dfb\u52a0 `seccomp` \u914d\u7f6e\u3002\n\nCODE_BLOCK_0\n\n**\u53c2\u8003\u8d44\u6599**\uff1a[Issue #30576](https://github.com/elastic/beats/issues/30576), [PR #30620](https://github.com/elastic/beats/pull/30620)\n\n\n### Filebeat 8.1 - 8.10 \u7684\u914d\u7f6e\n\n\u5bf9\u4e8e 8.1 \u5230 8.10 
\u7248\u672c\uff0c\u9700\u8981\u6dfb\u52a0 `allow_older_versions` \u9009\u9879\uff1a\n\nCODE_BLOCK_1\n\n### Filebeat 8.11 - 8.19 \u7684\u914d\u7f6e\n\n\u4ece 8.11 \u7248\u672c\u5f00\u59cb\uff0c\u9ed8\u8ba4\u542f\u7528\u8f93\u51fa\u538b\u7f29\uff0c\u56e0\u6b64\u5fc5\u987b\u660e\u786e\u8bbe\u7f6e `compression_level: 0` \u4ee5\u4fdd\u8bc1\u4e0e Manticore \u517c\u5bb9\uff1a\n\nCODE_BLOCK_2\n\n### Filebeat 9.0 \u53ca\u4ee5\u4e0a\u7248\u672c\u7684\u914d\u7f6e\n\nFilebeat 9.0 \u5f15\u5165\u4e86\u91cd\u5927\u67b6\u6784\u53d8\u66f4\uff0c\u66ff\u6362\u4e86 `log` \u8f93\u5165\u7c7b\u578b\u4e3a `filestream`\u3002\u4ece 9.0 \u7248\u672c\u5f00\u59cb\uff0c\u9ed8\u8ba4\u7684\u6587\u4ef6\u8bc6\u522b\u65b9\u5f0f\u4e5f\u6539\u4e3a\u6307\u7eb9\uff08fingerprint\uff09\uff0c\u8981\u6c42\u6587\u4ef6\u81f3\u5c11\u4e3a 1024 \u5b57\u8282\uff08[\u89c1 issue #44780](https://github.com/elastic/beats/issues/44780)\uff09\u3002\u4e3a\u4fdd\u8bc1 Manticore \u517c\u5bb9\u4efb\u610f\u5927\u5c0f\u7684\u6587\u4ef6\uff0c\u5fc5\u987b\u7981\u7528\u6307\u7eb9\u8bc6\u522b\u3002\n\n\u4ee5\u4e0b\u4e3a Filebeat 9.0 \u53ca\u4ee5\u540e\u7684\u7248\u672c\u6240\u9700\u914d\u7f6e\uff1a\n\nCODE_BLOCK_3\n\n**\u5173\u4e8e Filebeat 9.0+ \u7684\u91cd\u8981\u8bf4\u660e\uff1a**\n- `type: filestream` \u8f93\u5165\u53d6\u4ee3\u4e86\u65e7\u7684 `type: log`\n- `prospector.scanner.fingerprint.enabled: false` \u914d\u7f6e**\u5fc5\u987b**\u7981\u7528\u57fa\u4e8e\u6307\u7eb9\u7684\u6587\u4ef6\u8bc6\u522b\uff0c\u4ee5\u786e\u4fdd\u80fd\u591f\u53ef\u9760\u5904\u7406\u5c0f\u4e8e 1024 \u5b57\u8282\u7684\u6587\u4ef6\n- filestream \u8f93\u5165\u9700\u8981 `id` \u5b57\u6bb5\uff0c\u5e76\u4e14\u8be5\u5b57\u6bb5\u5fc5\u987b\u552f\u4e00\n\n## Filebeat \u7ed3\u679c\n\n\u4e00\u65e6\u60a8\u4f7f\u7528\u6b64\u914d\u7f6e\u8fd0\u884c Filebeat\uff0c\u65e5\u5fd7\u6570\u636e\u5c06\u88ab\u53d1\u9001\u5230 Manticore \u5e76\u6b63\u786e\u7f16\u5165\u7d22\u5f15\u3002\u4ee5\u4e0b\u662f Manticore 
\u521b\u5efa\u7684\u8868\u7684\u7ed3\u679c\u6a21\u5f0f\u53ca\u63d2\u5165\u6587\u6863\u7684\u793a\u4f8b\uff1a\n\nCODE_BLOCK_4\n\nCODE_BLOCK_5",
  6. "russian": "# \u0418\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0441 Filebeat\n\n> \u041f\u0420\u0418\u041c\u0415\u0427\u0410\u041d\u0418\u0415: \u0438\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0441 Filebeat \u0442\u0440\u0435\u0431\u0443\u0435\u0442 [Manticore Buddy](../Installation/Manticore_Buddy.md). \u0415\u0441\u043b\u0438 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u0443\u0431\u0435\u0434\u0438\u0442\u0435\u0441\u044c, \u0447\u0442\u043e Buddy \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d.\n\n[Filebeat](https://www.elastic.co/beats/filebeat) \u2014 \u044d\u0442\u043e \u043b\u0435\u0433\u043a\u0438\u0439 \u0430\u0433\u0435\u043d\u0442 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u043a\u0438 \u0438 \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043b\u043e\u0433\u043e\u0432. \u041f\u043e\u0441\u043b\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0430\u0433\u0435\u043d\u0442\u0430 \u043e\u043d \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0435 \u0432\u0430\u043c\u0438 \u0444\u0430\u0439\u043b\u044b \u0438\u043b\u0438 \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043b\u043e\u0433\u043e\u0432, \u0441\u043e\u0431\u0438\u0440\u0430\u0435\u0442 \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0438 \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u0430\u0435\u0442 \u0438\u0445 \u0434\u043b\u044f \u0438\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u043e\u0431\u044b\u0447\u043d\u043e \u0432 Elasticsearch \u0438\u043b\u0438 Logstash.\n\n\u0422\u0435\u043f\u0435\u0440\u044c Manticore \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 
Filebeat \u043a\u0430\u043a \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440\u044b \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0438 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0432 Manticore \u0442\u0430\u043a \u0436\u0435, \u043a\u0430\u043a \u0438 \u0432 Elasticsearch. \u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0432\u0435\u0440\u0441\u0438\u0438 \u0441 7.17 \u043f\u043e 9.2.\n\n## \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f Filebeat\n\n\u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0437\u0430\u0432\u0438\u0441\u0438\u0442 \u043e\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e Filebeat.\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 7.17, 8.0, 8.1\n\n> **\u0412\u0430\u0436\u043d\u043e**: \u0432\u0435\u0440\u0441\u0438\u0438 Filebeat 7.17.0, 8.0.0 \u0438 8.1.0 \u0438\u043c\u0435\u044e\u0442 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0441 glibc 2.35+ (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 Ubuntu 22.04 \u0438 \u043d\u043e\u0432\u0435\u0435). \u042d\u0442\u0438 \u0432\u0435\u0440\u0441\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u0430\u0432\u0430\u0440\u0438\u0439\u043d\u043e \u0437\u0430\u0432\u0435\u0440\u0448\u0430\u0442\u044c\u0441\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \"Fatal glibc error: rseq registration failed\". 
\u0427\u0442\u043e\u0431\u044b \u044d\u0442\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c, \u0434\u043e\u0431\u0430\u0432\u044c\u0442\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e `seccomp`, \u043a\u0430\u043a \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u043e \u043d\u0438\u0436\u0435.\n\nCODE_BLOCK_0\n\n**\u0421\u0441\u044b\u043b\u043a\u0438**: [Issue #30576](https://github.com/elastic/beats/issues/30576), [PR #30620](https://github.com/elastic/beats/pull/30620)\n\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 8.1 - 8.10\n\n\u0414\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 \u0441 8.1 \u043f\u043e 8.10 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043e\u043f\u0446\u0438\u044e `allow_older_versions`:\n\nCODE_BLOCK_1\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 8.11 - 8.19\n\n\u041d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 8.11, \u0441\u0436\u0430\u0442\u0438\u0435 \u0432\u044b\u0432\u043e\u0434\u0430 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043e \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0434\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 Manticore \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u044f\u0432\u043d\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u044c `compression_level: 0`:\n\nCODE_BLOCK_2\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 9.0+\n\nFilebeat 9.0 \u0432\u0432\u043e\u0434\u0438\u0442 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u044b\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0432 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0435, 
\u0437\u0430\u043c\u0435\u043d\u044f\u044f \u0442\u0438\u043f \u0432\u0432\u043e\u0434\u0430 `log` \u043d\u0430 `filestream`. \u041d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 9.0, \u043c\u0435\u0442\u043e\u0434 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u043c\u0435\u043d\u0451\u043d \u043d\u0430 fingerprint, \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f, \u0447\u0442\u043e\u0431\u044b \u0444\u0430\u0439\u043b\u044b \u0431\u044b\u043b\u0438 \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 1024 \u0431\u0430\u0439\u0442 ([\u0441\u043c. issue #44780](https://github.com/elastic/beats/issues/44780)). \u0414\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 Manticore \u0438 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u043b\u044e\u0431\u043e\u0433\u043e \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c fingerprint.\n\n\u0412\u043e\u0442 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 9.0 \u0438 \u0432\u0441\u0435\u0445 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439:\n\nCODE_BLOCK_3\n\n**\u0412\u0430\u0436\u043d\u044b\u0435 \u0437\u0430\u043c\u0435\u0442\u043a\u0438 \u0434\u043b\u044f Filebeat 9.0+:**\n- \u0412\u0432\u043e\u0434 `type: filestream` \u0437\u0430\u043c\u0435\u043d\u044f\u0435\u0442 \u0441\u0442\u0430\u0440\u044b\u0439 `type: log`\n- \u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 `prospector.scanner.fingerprint.enabled: false` 
**\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u0435\u043d** \u0434\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u043e fingerprint, \u0447\u0442\u043e \u0433\u0430\u0440\u0430\u043d\u0442\u0438\u0440\u0443\u0435\u0442 \u043d\u0430\u0434\u0451\u0436\u043d\u0443\u044e \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u0444\u0430\u0439\u043b\u043e\u0432 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c \u043c\u0435\u043d\u044c\u0448\u0435 1024 \u0431\u0430\u0439\u0442\n- \u041f\u043e\u043b\u0435 `id` \u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043b\u044f filestream-\u0432\u0432\u043e\u0434\u043e\u0432 \u0438 \u0434\u043e\u043b\u0436\u043d\u043e \u0431\u044b\u0442\u044c \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u043c\n\n## \u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b Filebeat\n\n\u041f\u043e\u0441\u043b\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 Filebeat \u0441 \u044d\u0442\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439 \u0434\u0430\u043d\u043d\u044b\u0435 \u043b\u043e\u0433\u043e\u0432 \u0431\u0443\u0434\u0443\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u0432 Manticore \u0438 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e \u0438\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f. 
\u041d\u0438\u0436\u0435 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d\u0430 \u0438\u0442\u043e\u0433\u043e\u0432\u0430\u044f \u0441\u0445\u0435\u043c\u0430 \u0442\u0430\u0431\u043b\u0438\u0446\u044b, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 Manticore, \u0438 \u043f\u0440\u0438\u043c\u0435\u0440 \u0432\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430:\n\nCODE_BLOCK_4\n\nCODE_BLOCK_5"
  7. },
  8. "is_code_or_comment": false,
  9. "model": "openai:gpt-4.1-mini",
  10. "updated_at": 1766339803
  11. },
  12. "f28541346910db37de4149664714d0ced1e165be880f7ec71c16382d0e971895": {
  13. "original": "# Integration with Filebeat\n\n> NOTE: The integration with Filebeat requires [Manticore Buddy](../Installation/Manticore_Buddy.md). If it doesn't work, make sure Buddy is installed.\n\n[Filebeat](https://www.elastic.co/beats/filebeat) is a lightweight shipper for forwarding and centralizing log data. Once installed as an agent, it monitors the log files or locations you specify, collects log events, and forwards them for indexing, usually to Elasticsearch or Logstash.\n\nNow, Manticore also supports the use of Filebeat as processing pipelines. This allows the collected and transformed data to be sent to Manticore just like to Elasticsearch. Currently, versions 7.17-9.2 are supported.\n\n## Filebeat configuration\n\nConfiguration varies depending on which version of Filebeat you're using.\n\n### Configuration for Filebeat 7.17, 8.0, 8.1\n\n> **Important**: Filebeat versions 7.17.0, 8.0.0, and 8.1.0 have a known issue with glibc 2.35+ (used in Ubuntu 22.04 and newer distributions). These versions may crash with \"Fatal glibc error: rseq registration failed\". To fix this, add the `seccomp` configuration as shown below.\n\nCODE_BLOCK_0\n\n**References**: [Issue #30576](https://github.com/elastic/beats/issues/30576), [PR #30620](https://github.com/elastic/beats/pull/30620)\n\n### Configuration for Filebeat 8.1 - 8.10\n\nFor versions 8.1 through 8.10, you need to add the `allow_older_versions` option:\n\nCODE_BLOCK_1\n\n### Configuration for Filebeat 8.11 - 8.19\n\nFrom version 8.11, output compression is enabled by default, so you must explicitly set `compression_level: 0` for compatibility with Manticore:\n\nCODE_BLOCK_2\n\n### Configuration for Filebeat 9.0+\n\nFilebeat 9.0 introduces a major architecture change, replacing the `log` input type with `filestream`. 
Starting from version 9.0, the default file identification method also changed to fingerprint, which requires files to be at least 1024 bytes ([see issue #44780](https://github.com/elastic/beats/issues/44780)). For Manticore compatibility with files of any size, you must disable fingerprinting.\n\nHere's the required configuration for Filebeat 9.0 and all later versions:\n\nCODE_BLOCK_3\n\n**Important notes for Filebeat 9.0+:**\n- The `type: filestream` input replaces the older `type: log`\n- The `prospector.scanner.fingerprint.enabled: false` setting is **required** to disable fingerprint-based file identification, ensuring reliable processing of files smaller than 1024 bytes\n- The `id` field is required for filestream inputs and must be unique\n\n## Filebeat results\n\nOnce you run Filebeat with this configuration, log data will be sent to Manticore and properly indexed. Here is the resulting schema of the table created by Manticore and an example of the inserted document:\n\nCODE_BLOCK_4\n\nCODE_BLOCK_5\n",
  14. "translations": {
  15. "chinese": "# Filebeat\u4e0e\u96c6\u6210\n\n> NOTE: \u4e0eFilebeat\u7684\u96c6\u6210\u9700\u8981[Manticore Buddy](../Installation/Manticore_Buddy.md)\u3002\u5982\u679c\u4e0d\u8d77\u4f5c\u7528\uff0c\u8bf7\u786e\u4fdd\u5df2\u5b89\u88c5Buddy\u3002\n\n[Filebeat](https://www.elastic.co/beats/filebeat) \u662f\u4e00\u4e2a\u8f7b\u91cf\u7ea7\u7684\u8f6c\u53d1\u5668\uff0c\u7528\u4e8e\u8f6c\u53d1\u548c\u96c6\u4e2d\u65e5\u5fd7\u6570\u636e\u3002\u5b89\u88c5\u5e76\u4f5c\u4e3a\u4ee3\u7406\u8fd0\u884c\u540e\uff0c\u5b83\u4f1a\u76d1\u63a7\u60a8\u6307\u5b9a\u7684\u65e5\u5fd7\u6587\u4ef6\u6216\u4f4d\u7f6e\uff0c\u6536\u96c6\u65e5\u5fd7\u4e8b\u4ef6\uff0c\u5e76\u5c06\u5b83\u4eec\u8f6c\u53d1\u8fdb\u884c\u7d22\u5f15\uff0c\u901a\u5e38\u5230Elasticsearch\u6216Logstash\u3002\n\n\u73b0\u5728\uff0cManticore \u4e5f\u652f\u6301\u4f7f\u7528Filebeat\u4f5c\u4e3a\u5904\u7406\u7ba1\u9053\u3002\u8fd9\u4f7f\u5f97\u6536\u96c6\u548c\u8f6c\u6362\u7684\u6570\u636e\u53ef\u4ee5\u50cf\u53d1\u9001\u5230Elasticsearch\u4e00\u6837\u53d1\u9001\u5230Manticore\u3002\u76ee\u524d\u652f\u6301\u7684\u7248\u672c\u4e3a7.17-9.2\u3002\n\n## Filebeat\u914d\u7f6e\n\n\u914d\u7f6e\u53d6\u51b3\u4e8e\u60a8\u4f7f\u7528\u7684Filebeat\u7248\u672c\u3002\n\n### Filebeat 7.17, 8.0, 8.1\u7684\u914d\u7f6e\n\n> **\u91cd\u8981**: Filebeat\u7248\u672c7.17.0, 8.0.0\u548c8.1.0\u4e0eglibc 2.35+\uff08\u7528\u4e8eUbuntu 22.04\u53ca\u66f4\u9ad8\u7248\u672c\u7684\u53d1\u884c\u7248\uff09\u5b58\u5728\u5df2\u77e5\u95ee\u9898\u3002\u8fd9\u4e9b\u7248\u672c\u53ef\u80fd\u4f1a\u56e0\u201c\u81f4\u547dglibc\u9519\u8bef\uff1arseq\u6ce8\u518c\u5931\u8d25\u201d\u800c\u5d29\u6e83\u3002\u8981\u4fee\u590d\u6b64\u95ee\u9898\uff0c\u8bf7\u6309\u4ee5\u4e0b\u6240\u793a\u6dfb\u52a0`seccomp`\u914d\u7f6e\u3002\n\nCODE_BLOCK_0\n\n**\u53c2\u8003**: [Issue #30576](https://github.com/elastic/beats/issues/30576)\uff0c[PR #30620](https://github.com/elastic/beats/pull/30620)\n\n### Filebeat 8.1 - 
8.10\u7684\u914d\u7f6e\n\n\u5bf9\u4e8e\u7248\u672c8.1\u52308.10\uff0c\u60a8\u9700\u8981\u6dfb\u52a0`allow_older_versions`\u9009\u9879\uff1a\n\nCODE_BLOCK_1\n\n### Filebeat 8.11 - 8.19\u7684\u914d\u7f6e\n\n\u4ece\u7248\u672c8.11\u5f00\u59cb\uff0c\u8f93\u51fa\u538b\u7f29\u9ed8\u8ba4\u542f\u7528\uff0c\u56e0\u6b64\u60a8\u5fc5\u987b\u663e\u5f0f\u8bbe\u7f6e`compression_level: 0`\u4ee5\u4e0eManticore\u517c\u5bb9\uff1a\n\nCODE_BLOCK_2\n\n### Filebeat 9.0+\u7684\u914d\u7f6e\n\nFilebeat 9.0\u5f15\u5165\u4e86\u4e3b\u8981\u7684\u67b6\u6784\u66f4\u6539\uff0c\u7528`filestream`\u66ff\u6362`log`\u8f93\u5165\u7c7b\u578b\u3002\u4ece\u7248\u672c9.0\u5f00\u59cb\uff0c\u6587\u4ef6\u8bc6\u522b\u65b9\u6cd5\u4e5f\u5df2\u66f4\u6539\uff0c\u4f7f\u7528\u6307\u7eb9\u6cd5\uff0c\u8fd9\u9700\u8981\u6587\u4ef6\u81f3\u5c11\u4e3a1024\u5b57\u8282\uff08\u8bf7\u53c2\u9605[issue #44780](https://github.com/elastic/beats/issues/44780)\uff09\u3002\u4e3a\u4e86\u4e0e\u4efb\u4f55\u5927\u5c0f\u7684\u6587\u4ef6\u517c\u5bb9\uff0c\u60a8\u5fc5\u987b\u7981\u7528\u6307\u7eb9\u8bc6\u522b\u3002\n\n\u4ee5\u4e0b\u662fFilebeat 9.0\u53ca\u66f4\u9ad8\u7248\u672c\u6240\u9700\u7684\u914d\u7f6e\uff1a\n\nCODE_BLOCK_3\n\n**Filebeat 9.0+\u7684\u91cd\u8981\u6ce8\u610f\u4e8b\u9879:**\n- `type: filestream`\u8f93\u5165\u66ff\u6362\u65e7\u7684`type: log`\n- `prospector.scanner.fingerprint.enabled: false`\u8bbe\u7f6e\u662f**\u5fc5\u9700\u7684**\uff0c\u4ee5\u7981\u7528\u57fa\u4e8e\u6307\u7eb9\u7684\u6587\u4ef6\u8bc6\u522b\uff0c\u786e\u4fdd\u53ef\u9760\u5904\u7406\u5c0f\u4e8e1024\u5b57\u8282\u7684\u6587\u4ef6\n- `id`\u5b57\u6bb5\u662ffilestream\u8f93\u5165\u6240\u9700\u7684\uff0c\u5e76\u4e14\u5fc5\u987b\u662f\u552f\u4e00\u7684\n\n## 
Filebeat\u7ed3\u679c\n\n\u4e00\u65e6\u4f7f\u7528\u6b64\u914d\u7f6e\u8fd0\u884cFilebeat\uff0c\u65e5\u5fd7\u6570\u636e\u5c06\u53d1\u9001\u5230Manticore\u5e76\u6b63\u786e\u7d22\u5f15\u3002\u4ee5\u4e0b\u662fManticore\u521b\u5efa\u7684\u8868\u7684\u7ed3\u6784\u793a\u4f8b\u4ee5\u53ca\u63d2\u5165\u7684\u6587\u6863\u793a\u4f8b\uff1a\n\nCODE_BLOCK_4\n\nCODE_BLOCK_5",
  16. "russian": "# \u0418\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0441 Filebeat\n\n> \u041f\u0420\u0418\u041c\u0415\u0427\u0410\u041d\u0418\u0415: \u0418\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0441 Filebeat \u0442\u0440\u0435\u0431\u0443\u0435\u0442 [Manticore Buddy](../Installation/Manticore_Buddy.md). \u0415\u0441\u043b\u0438 \u043e\u043d\u0430 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u0443\u0431\u0435\u0434\u0438\u0442\u0435\u0441\u044c, \u0447\u0442\u043e Buddy \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d.\n\n[Filebeat](https://www.elastic.co/beats/filebeat) \u2014 \u044d\u0442\u043e \u043b\u0435\u0433\u043a\u043e\u0432\u0435\u0441\u043d\u044b\u0439 \u0441\u0431\u043e\u0440\u0449\u0438\u043a \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u043a\u0438 \u0438 \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u043b\u043e\u0433\u043e\u0432. 
\u0411\u0443\u0434\u0443\u0447\u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u043c \u043a\u0430\u043a \u0430\u0433\u0435\u043d\u0442, \u043e\u043d \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0435 \u0432\u0430\u043c\u0438 \u0444\u0430\u0439\u043b\u044b \u0438\u043b\u0438 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0438 \u043b\u043e\u0433\u043e\u0432, \u0441\u043e\u0431\u0438\u0440\u0430\u0435\u0442 \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u043b\u043e\u0433\u043e\u0432 \u0438 \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u0430\u0435\u0442 \u0438\u0445 \u0434\u043b\u044f \u0438\u043d\u0434\u0435\u043a\u0441\u0430\u0446\u0438\u0438, \u043e\u0431\u044b\u0447\u043d\u043e \u0432 Elasticsearch \u0438\u043b\u0438 Logstash.\n\n\u0422\u0435\u043f\u0435\u0440\u044c Manticore \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 Filebeat \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440\u043e\u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0438 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 Manticore \u0442\u0430\u043a \u0436\u0435, \u043a\u0430\u043a \u0438 \u0432 Elasticsearch. 
\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0432\u0435\u0440\u0441\u0438\u0438 7.17-9.2.\n\n## \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f Filebeat\n\n\u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0437\u0430\u0432\u0438\u0441\u0438\u0442 \u043e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Filebeat.\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 7.17, 8.0, 8.1\n\n> **\u0412\u0430\u0436\u043d\u043e**: \u0412\u0435\u0440\u0441\u0438\u0438 Filebeat 7.17.0, 8.0.0 \u0438 8.1.0 \u0438\u043c\u0435\u044e\u0442 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0443\u044e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0441 glibc 2.35+ (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 Ubuntu 22.04 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u044b\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445). \u042d\u0442\u0438 \u0432\u0435\u0440\u0441\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u0432\u0435\u0440\u0448\u0430\u0442\u044c\u0441\u044f \u0441\u0431\u043e\u0435\u043c \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \"Fatal glibc error: rseq registration failed\". 
\u0427\u0442\u043e\u0431\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u044d\u0442\u043e, \u0434\u043e\u0431\u0430\u0432\u044c\u0442\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e `seccomp`, \u043a\u0430\u043a \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u043e \u043d\u0438\u0436\u0435.\n\nCODE_BLOCK_0\n\n**\u0421\u0441\u044b\u043b\u043a\u0438**: [Issue #30576](https://github.com/elastic/beats/issues/30576), [PR #30620](https://github.com/elastic/beats/pull/30620)\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 8.1 - 8.10\n\n\u0414\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 \u0441 8.1 \u043f\u043e 8.10 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043e\u043f\u0446\u0438\u044e `allow_older_versions`:\n\nCODE_BLOCK_1\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 8.11 - 8.19\n\n\u041d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 8.11, \u0441\u0436\u0430\u0442\u0438\u0435 \u0432\u044b\u0432\u043e\u0434\u0430 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043e \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0434\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 Manticore \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u044f\u0432\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c `compression_level: 0`:\n\nCODE_BLOCK_2\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 9.0+\n\nFilebeat 9.0 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0435 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 
\u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b, \u0437\u0430\u043c\u0435\u043d\u044f\u044f \u0442\u0438\u043f \u0432\u0432\u043e\u0434\u0430 `log` \u043d\u0430 `filestream`. \u041d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 9.0, \u043c\u0435\u0442\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u043c\u0435\u043d\u0438\u043b\u0441\u044f \u043d\u0430 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043e\u043a (fingerprint), \u0447\u0442\u043e \u0442\u0440\u0435\u0431\u0443\u0435\u0442, \u0447\u0442\u043e\u0431\u044b \u0444\u0430\u0439\u043b\u044b \u0431\u044b\u043b\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 1024 \u0431\u0430\u0439\u0442 ([\u0441\u043c. issue #44780](https://github.com/elastic/beats/issues/44780)). 
\u0414\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u0438 Manticore \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u043b\u044e\u0431\u043e\u0433\u043e \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u043f\u043e \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u0443.\n\n\u0412\u043e\u0442 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 9.0 \u0438 \u0432\u0441\u0435\u0445 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439:\n\nCODE_BLOCK_3\n\n**\u0412\u0430\u0436\u043d\u044b\u0435 \u0437\u0430\u043c\u0435\u0447\u0430\u043d\u0438\u044f \u0434\u043b\u044f Filebeat 9.0+:**\n- \u0412\u0432\u043e\u0434 `type: filestream` \u0437\u0430\u043c\u0435\u043d\u044f\u0435\u0442 \u0441\u0442\u0430\u0440\u044b\u0439 `type: log`\n- \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 `prospector.scanner.fingerprint.enabled: false` **\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u0430** \u0434\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u0430, \u0447\u0442\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u043d\u0430\u0434\u0435\u0436\u043d\u0443\u044e \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u0444\u0430\u0439\u043b\u043e\u0432 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c \u043c\u0435\u043d\u0435\u0435 1024 \u0431\u0430\u0439\u0442\n- \u041f\u043e\u043b\u0435 `id` 
\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043b\u044f \u0432\u0432\u043e\u0434\u0430 filestream \u0438 \u0434\u043e\u043b\u0436\u043d\u043e \u0431\u044b\u0442\u044c \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u043c\n\n## \u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u0440\u0430\u0431\u043e\u0442\u044b Filebeat\n\n\u041f\u043e\u0441\u043b\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 Filebeat \u0441 \u044d\u0442\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439 \u0434\u0430\u043d\u043d\u044b\u0435 \u043b\u043e\u0433\u043e\u0432 \u0431\u0443\u0434\u0443\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 Manticore \u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0438\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u044b. \u0412\u043e\u0442 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0438\u0440\u0443\u044e\u0449\u0430\u044f \u0441\u0445\u0435\u043c\u0430 \u0442\u0430\u0431\u043b\u0438\u0446\u044b, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 Manticore, \u0438 \u043f\u0440\u0438\u043c\u0435\u0440 \u0432\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430:\n\nCODE_BLOCK_4\n\nCODE_BLOCK_5"
},
"is_code_or_comment": false,
"model": "deepseek/deepseek-v3.2",
"updated_at": 1766374170
},
"__meta": {
"source_text": "# Integration with Filebeat\n\n> NOTE: The integration with Filebeat requires [Manticore Buddy](../Installation/Manticore_Buddy.md). If it doesn't work, make sure Buddy is installed.\n\n[Filebeat](https://www.elastic.co/beats/filebeat) is a lightweight shipper for forwarding and centralizing log data. Once installed as an agent, it monitors the log files or locations you specify, collects log events, and forwards them for indexing, usually to Elasticsearch or Logstash.\n\nNow, Manticore also supports the use of Filebeat as processing pipelines. This allows the collected and transformed data to be sent to Manticore just like to Elasticsearch. Currently, versions 7.17-9.3 are supported.\n\n## Filebeat configuration\n\nConfiguration varies depending on which version of Filebeat you're using.\n\n### Configuration for Filebeat 7.17, 8.0, 8.1\n\n> **Important**: Filebeat versions 7.17.0, 8.0.0, and 8.1.0 have a known issue with glibc 2.35+ (used in Ubuntu 22.04 and newer distributions). These versions may crash with \"Fatal glibc error: rseq registration failed\". 
To fix this, add the `seccomp` configuration as shown below.\n\n```yaml\nfilebeat.inputs:\n- type: log\n enabled: true\n paths:\n - /var/log/dpkg.log\n close_eof: true\n scan_frequency: 1s\n\noutput.elasticsearch:\n hosts: [\"http://localhost:9308\"]\n index: \"dpkg_log\"\n compression_level: 0\n allow_older_versions: true # Required for 8.1\n\n# Fix for glibc 2.35+ compatibility (Ubuntu 22.04+)\nseccomp:\n default_action: allow\n syscalls:\n - action: allow\n names:\n - rseq\n\nsetup.ilm.enabled: false\nsetup.template.enabled: false\nsetup.template.name: \"dpkg_log\"\nsetup.template.pattern: \"dpkg_log\"\n```\n\n**References**: [Issue #30576](https://github.com/elastic/beats/issues/30576), [PR #30620](https://github.com/elastic/beats/pull/30620)\n\n\n### Configuration for Filebeat 8.1 - 8.10\n\nFor versions 8.1 through 8.10, you need to add the `allow_older_versions` option:\n\n```\nfilebeat.inputs:\n- type: log\n enabled: true\n paths:\n - /var/log/dpkg.log\n close_eof: true\n scan_frequency: 1s\n\noutput.elasticsearch:\n hosts: [\"http://localhost:9308\"]\n index: \"dpkg_log\"\n compression_level: 0\n allow_older_versions: true\n\nsetup.ilm.enabled: false\nsetup.template.enabled: false\nsetup.template.name: \"dpkg_log\"\nsetup.template.pattern: \"dpkg_log\"\n```\n\n### Configuration for Filebeat 8.11 - 8.19\n\nFrom version 8.11, output compression is enabled by default, so you must explicitly set `compression_level: 0` for compatibility with Manticore:\n\n```\nfilebeat.inputs:\n- type: log\n enabled: true\n paths:\n - /var/log/dpkg.log\n close_eof: true\n scan_frequency: 1s\n\noutput.elasticsearch:\n hosts: [\"http://localhost:9308\"]\n index: \"dpkg_log\"\n compression_level: 0\n allow_older_versions: true\n\nsetup.ilm.enabled: false\nsetup.template.enabled: false\nsetup.template.name: \"dpkg_log\"\nsetup.template.pattern: \"dpkg_log\"\n```\n\n### Configuration for Filebeat 9.0+\n\nFilebeat 9.0 introduces a major architecture change, replacing the `log` input 
type with `filestream`. Starting from version 9.0, the default file identification method also changed to fingerprint, which requires files to be at least 1024 bytes ([see issue #44780](https://github.com/elastic/beats/issues/44780)). For Manticore compatibility with files of any size, you must disable fingerprinting.\n\nHere's the required configuration for Filebeat 9.0 and all later versions:\n\n```\nfilebeat.inputs:\n- type: filestream\n id: dpkg-log-input\n enabled: true\n paths:\n - /var/log/dpkg.log\n prospector.scanner.check_interval: 1s\n prospector.scanner.fingerprint.enabled: false\n\noutput.elasticsearch:\n hosts: [\"http://localhost:9308\"]\n index: \"dpkg_log\"\n compression_level: 0\n allow_older_versions: true\n\nsetup.ilm.enabled: false\nsetup.template.enabled: false\nsetup.template.name: \"dpkg_log\"\nsetup.template.pattern: \"dpkg_log\"\n```\n\n**Important notes for Filebeat 9.0+:**\n- The `type: filestream` input replaces the older `type: log`\n- The `prospector.scanner.fingerprint.enabled: false` setting is **required** to disable fingerprint-based file identification, ensuring reliable processing of files smaller than 1024 bytes\n- The `id` field is required for filestream inputs and must be unique\n\n## Filebeat results\n\nOnce you run Filebeat with this configuration, log data will be sent to Manticore and properly indexed. Here is the resulting schema of the table created by Manticore and an example of the inserted document:\n\n```\nmysql> DESCRIBE dpkg_log;\n+------------------+--------+--------------------+\n| Field | Type | Properties |\n+------------------+--------+--------------------+\n| id | bigint | |\n| @timestamp | text | indexed stored |\n| message | text | indexed stored |\n| log | json | |\n| input | json | |\n| ecs | json | |\n| host | json | |\n| agent | json | |\n+------------------+--------+--------------------+\n```\n\n```\nmysql> SELECT * FROM dpkg_log LIMIT 1\\G\n*************************** 1. 
row ***************************\nid: 7280000849080753116\n@timestamp: 2023-06-16T09:27:38.792Z\nmessage: 2023-04-12 02:06:08 status half-installed libhogweed5:amd64 3.5.1+really3.5.1-2\ninput: {\"type\":\"filestream\"}\necs: {\"version\":\"1.6.0\"}\nhost: {\"name\":\"logstash-db848f65f-lnlf9\"}\nagent: {\"ephemeral_id\":\"587c2ebc-e7e2-4e27-b772-19c611115996\",\"id\":\"2e3d985b-3610-4b8b-aa3b-2e45804edd2c\",\"name\":\"logstash-db848f65f-lnlf9\",\"type\":\"filebeat\",\"version\":\"7.10.0\",\"hostname\":\"logstash-db848f65f-lnlf9\"}\nlog: {\"offset\":80,\"file\":{\"path\":\"/var/log/dpkg.log\"}}\n```\n",
"updated_at": 1770287236,
"source_md5": "5ee7bbfaee43ce04a9e43fe225fdc8db",
"source_snapshot": "/tmp/translator-source-OK6KfF",
"target_snapshot": "/tmp/translator-target-QONjxo"
},
"fc9688796f988b96e2ffdec4f182c88c6d42c11c594ea425e2a24327b724ccce": {
"original": "# Integration with Filebeat\n\n> NOTE: The integration with Filebeat requires [Manticore Buddy](../Installation/Manticore_Buddy.md). If it doesn't work, make sure Buddy is installed.\n\n[Filebeat](https://www.elastic.co/beats/filebeat) is a lightweight shipper for forwarding and centralizing log data. Once installed as an agent, it monitors the log files or locations you specify, collects log events, and forwards them for indexing, usually to Elasticsearch or Logstash.\n\nNow, Manticore also supports the use of Filebeat as processing pipelines. This allows the collected and transformed data to be sent to Manticore just like to Elasticsearch. Currently, versions 7.17-9.3 are supported.\n\n## Filebeat configuration\n\nConfiguration varies depending on which version of Filebeat you're using.\n\n### Configuration for Filebeat 7.17, 8.0, 8.1\n\n> **Important**: Filebeat versions 7.17.0, 8.0.0, and 8.1.0 have a known issue with glibc 2.35+ (used in Ubuntu 22.04 and newer distributions). These versions may crash with \"Fatal glibc error: rseq registration failed\". To fix this, add the `seccomp` configuration as shown below.\n\nCODE_BLOCK_0\n\n**References**: [Issue #30576](https://github.com/elastic/beats/issues/30576), [PR #30620](https://github.com/elastic/beats/pull/30620)\n\n### Configuration for Filebeat 8.1 - 8.10\n\nFor versions 8.1 through 8.10, you need to add the `allow_older_versions` option:\n\nCODE_BLOCK_1\n\n### Configuration for Filebeat 8.11 - 8.19\n\nFrom version 8.11, output compression is enabled by default, so you must explicitly set `compression_level: 0` for compatibility with Manticore:\n\nCODE_BLOCK_2\n\n### Configuration for Filebeat 9.0+\n\nFilebeat 9.0 introduces a major architecture change, replacing the `log` input type with `filestream`. 
Starting from version 9.0, the default file identification method also changed to fingerprint, which requires files to be at least 1024 bytes ([see issue #44780](https://github.com/elastic/beats/issues/44780)). For Manticore compatibility with files of any size, you must disable fingerprinting.\n\nHere's the required configuration for Filebeat 9.0 and all later versions:\n\nCODE_BLOCK_3\n\n**Important notes for Filebeat 9.0+:**\n- The `type: filestream` input replaces the older `type: log`\n- The `prospector.scanner.fingerprint.enabled: false` setting is **required** to disable fingerprint-based file identification, ensuring reliable processing of files smaller than 1024 bytes\n- The `id` field is required for filestream inputs and must be unique\n\n## Filebeat results\n\nOnce you run Filebeat with this configuration, log data will be sent to Manticore and properly indexed. Here is the resulting schema of the table created by Manticore and an example of the inserted document:\n\nCODE_BLOCK_4\n\nCODE_BLOCK_5\n",
"translations": {
"chinese": "# \u4e0e Filebeat \u7684\u96c6\u6210\n\n> \u6ce8\u610f\uff1a\u4e0e Filebeat \u7684\u96c6\u6210\u9700\u8981 [Manticore Buddy](../Installation/Manticore_Buddy.md)\u3002\u5982\u679c\u65e0\u6cd5\u6b63\u5e38\u5de5\u4f5c\uff0c\u8bf7\u786e\u4fdd\u5df2\u5b89\u88c5 Buddy\u3002\n\n[Filebeat](https://www.elastic.co/beats/filebeat) \u662f\u4e00\u4e2a\u8f7b\u91cf\u7ea7\u7684\u8f6c\u53d1\u5668\uff0c\u7528\u4e8e\u8f6c\u53d1\u548c\u96c6\u4e2d\u65e5\u5fd7\u6570\u636e\u3002\u5b89\u88c5\u4e3a\u4ee3\u7406\u540e\uff0c\u5b83\u4f1a\u76d1\u63a7\u60a8\u6307\u5b9a\u7684\u65e5\u5fd7\u6587\u4ef6\u6216\u4f4d\u7f6e\uff0c\u6536\u96c6\u65e5\u5fd7\u4e8b\u4ef6\uff0c\u5e76\u5c06\u5176\u8f6c\u53d1\u4ee5\u8fdb\u884c\u7d22\u5f15\uff0c\u901a\u5e38\u8f6c\u53d1\u5230 Elasticsearch \u6216 Logstash\u3002\n\n\u73b0\u5728\uff0cManticore \u4e5f\u652f\u6301\u4f7f\u7528 Filebeat \u4f5c\u4e3a\u5904\u7406\u7ba1\u9053\u3002\u8fd9\u5141\u8bb8\u6536\u96c6\u548c\u8f6c\u6362\u540e\u7684\u6570\u636e\u50cf\u53d1\u9001\u5230 Elasticsearch \u4e00\u6837\u53d1\u9001\u5230 Manticore\u3002\u76ee\u524d\u652f\u6301\u7684\u7248\u672c\u4e3a 7.17-9.3\u3002\n\n## Filebeat \u914d\u7f6e\n\n\u914d\u7f6e\u4f1a\u6839\u636e\u60a8\u4f7f\u7528\u7684 Filebeat \u7248\u672c\u800c\u6709\u6240\u4e0d\u540c\u3002\n\n### Filebeat 7.17\u30018.0\u30018.1 \u7684\u914d\u7f6e\n\n> **\u91cd\u8981**\uff1aFilebeat \u7248\u672c 7.17.0\u30018.0.0 \u548c 8.1.0 \u4e0e glibc 2.35+\uff08\u7528\u4e8e Ubuntu 22.04 \u53ca\u66f4\u65b0\u7684\u53d1\u884c\u7248\uff09\u5b58\u5728\u5df2\u77e5\u95ee\u9898\u3002\u8fd9\u4e9b\u7248\u672c\u53ef\u80fd\u4f1a\u56e0 \"Fatal glibc error: rseq registration failed\" \u800c\u5d29\u6e83\u3002\u4e3a\u4e86\u89e3\u51b3\u6b64\u95ee\u9898\uff0c\u8bf7\u6dfb\u52a0\u5982\u4e0b\u6240\u793a\u7684 `seccomp` \u914d\u7f6e\u3002\n\nCODE_BLOCK_0\n\n**\u53c2\u8003\u8d44\u6599**\uff1a[Issue #30576](https://github.com/elastic/beats/issues/30576)\uff0c[PR #30620](https://github.com/elastic/beats/pull/30620)\n\n### Filebeat 8.1 - 8.10 
\u7684\u914d\u7f6e\n\n\u5bf9\u4e8e 8.1 \u5230 8.10 \u7684\u7248\u672c\uff0c\u60a8\u9700\u8981\u6dfb\u52a0 `allow_older_versions` \u9009\u9879\uff1a\n\nCODE_BLOCK_1\n\n### Filebeat 8.11 - 8.19 \u7684\u914d\u7f6e\n\n\u4ece 8.11 \u7248\u672c\u5f00\u59cb\uff0c\u9ed8\u8ba4\u542f\u7528\u8f93\u51fa\u538b\u7f29\uff0c\u56e0\u6b64\u5fc5\u987b\u663e\u5f0f\u8bbe\u7f6e `compression_level: 0` \u4ee5\u4e0e Manticore \u517c\u5bb9\uff1a\n\nCODE_BLOCK_2\n\n### Filebeat 9.0+ \u7684\u914d\u7f6e\n\nFilebeat 9.0 \u5f15\u5165\u4e86\u91cd\u5927\u67b6\u6784\u66f4\u6539\uff0c\u7528 `filestream` \u8f93\u5165\u7c7b\u578b\u66ff\u6362\u4e86 `log` \u8f93\u5165\u7c7b\u578b\u3002\u4ece 9.0 \u7248\u672c\u5f00\u59cb\uff0c\u9ed8\u8ba4\u6587\u4ef6\u8bc6\u522b\u65b9\u6cd5\u4e5f\u66f4\u6539\u4e3a\u6307\u7eb9\u8bc6\u522b\uff0c\u8fd9\u8981\u6c42\u6587\u4ef6\u81f3\u5c11\u4e3a 1024 \u5b57\u8282\uff08[\u53c2\u89c1\u95ee\u9898 #44780](https://github.com/elastic/beats/issues/44780)\uff09\u3002\u4e3a\u4e86\u4e0e\u4efb\u4f55\u5927\u5c0f\u7684\u6587\u4ef6\u517c\u5bb9\uff0c\u60a8\u5fc5\u987b\u7981\u7528\u6307\u7eb9\u8bc6\u522b\u3002\n\n\u4ee5\u4e0b\u662f Filebeat 9.0 \u53ca\u6240\u6709\u540e\u7eed\u7248\u672c\u6240\u9700\u7684\u914d\u7f6e\uff1a\n\nCODE_BLOCK_3\n\n**Filebeat 9.0+ \u7684\u91cd\u8981\u8bf4\u660e\uff1a**\n- `type: filestream` \u8f93\u5165\u7c7b\u578b\u66ff\u6362\u4e86\u65e7\u7684 `type: log`\n- `prospector.scanner.fingerprint.enabled: false` \u8bbe\u7f6e\u662f **\u5fc5\u9700\u7684**\uff0c\u7528\u4e8e\u7981\u7528\u57fa\u4e8e\u6307\u7eb9\u7684\u6587\u4ef6\u8bc6\u522b\uff0c\u786e\u4fdd\u53ef\u9760\u5904\u7406\u5c0f\u4e8e 1024 \u5b57\u8282\u7684\u6587\u4ef6\n- `filestream` \u8f93\u5165\u9700\u8981 `id` \u5b57\u6bb5\uff0c\u4e14\u5fc5\u987b\u552f\u4e00\n\n## Filebeat \u7ed3\u679c\n\n\u4e00\u65e6\u4f7f\u7528\u6b64\u914d\u7f6e\u8fd0\u884c Filebeat\uff0c\u65e5\u5fd7\u6570\u636e\u5c06\u88ab\u53d1\u9001\u5230 Manticore \u5e76\u6b63\u786e\u7d22\u5f15\u3002\u4ee5\u4e0b\u662f Manticore 
\u521b\u5efa\u7684\u8868\u7684\u7ed3\u6784\u548c\u63d2\u5165\u6587\u6863\u7684\u793a\u4f8b\uff1a\n\nCODE_BLOCK_4\n\nCODE_BLOCK_5\n",
"russian": "# \u0418\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0441 Filebeat\n\n> \u041f\u0420\u0418\u041c\u0415\u0427\u0410\u041d\u0418\u0415: \u0418\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0441 Filebeat \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u043d\u0430\u043b\u0438\u0447\u0438\u044f [Manticore Buddy](../Installation/Manticore_Buddy.md). \u0415\u0441\u043b\u0438 \u043e\u043d\u0430 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u0443\u0431\u0435\u0434\u0438\u0442\u0435\u0441\u044c, \u0447\u0442\u043e Buddy \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d.\n\n[Filebeat](https://www.elastic.co/beats/filebeat) \u2014 \u044d\u0442\u043e \u043b\u0435\u0433\u043a\u043e\u0432\u0435\u0441\u043d\u044b\u0439 \u0441\u0431\u043e\u0440\u0449\u0438\u043a \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u043a\u0438 \u0438 \u0446\u0435\u043d\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u043b\u043e\u0433\u043e\u0432. 
\u041f\u043e\u0441\u043b\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0430\u0433\u0435\u043d\u0442\u0430 \u043e\u043d \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0435 \u0432\u0430\u043c\u0438 \u0444\u0430\u0439\u043b\u044b \u0438\u043b\u0438 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0438 \u043b\u043e\u0433\u043e\u0432, \u0441\u043e\u0431\u0438\u0440\u0430\u0435\u0442 \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u043b\u043e\u0433\u043e\u0432 \u0438 \u043f\u0435\u0440\u0435\u0441\u044b\u043b\u0430\u0435\u0442 \u0438\u0445 \u0434\u043b\u044f \u0438\u043d\u0434\u0435\u043a\u0441\u0430\u0446\u0438\u0438, \u043e\u0431\u044b\u0447\u043d\u043e \u0432 Elasticsearch \u0438\u043b\u0438 Logstash.\n\n\u0422\u0435\u043f\u0435\u0440\u044c Manticore \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 Filebeat \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440\u043e\u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0438 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 Manticore \u0442\u0430\u043a \u0436\u0435, \u043a\u0430\u043a \u0438 \u0432 Elasticsearch. 
\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0432\u0435\u0440\u0441\u0438\u0438 7.17\u20139.3.\n\n## \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f Filebeat\n\n\u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0437\u0430\u0432\u0438\u0441\u0438\u0442 \u043e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Filebeat.\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 7.17, 8.0, 8.1\n\n> **\u0412\u0430\u0436\u043d\u043e**: \u0412 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Filebeat 7.17.0, 8.0.0 \u0438 8.1.0 \u0435\u0441\u0442\u044c \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441 glibc 2.35+ (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 Ubuntu 22.04 \u0438 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u044b\u0445 \u0434\u0438\u0441\u0442\u0440\u0438\u0431\u0443\u0442\u0438\u0432\u0430\u0445). \u042d\u0442\u0438 \u0432\u0435\u0440\u0441\u0438\u0438 \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u0432\u0435\u0440\u0448\u0430\u0442\u044c\u0441\u044f \u0441\u0431\u043e\u0435\u043c \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \"Fatal glibc error: rseq registration failed\". 
\u0427\u0442\u043e\u0431\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u044d\u0442\u043e, \u0434\u043e\u0431\u0430\u0432\u044c\u0442\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e `seccomp`, \u043a\u0430\u043a \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u043e \u043d\u0438\u0436\u0435.\n\nCODE_BLOCK_0\n\n**\u0421\u0441\u044b\u043b\u043a\u0438**: [Issue #30576](https://github.com/elastic/beats/issues/30576), [PR #30620](https://github.com/elastic/beats/pull/30620)\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 8.1 - 8.10\n\n\u0414\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 \u0441 8.1 \u043f\u043e 8.10 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u043e\u043f\u0446\u0438\u044e `allow_older_versions`:\n\nCODE_BLOCK_1\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 8.11 - 8.19\n\n\u041d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 8.11, \u0441\u0436\u0430\u0442\u0438\u0435 \u0432\u044b\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043e \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0434\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 Manticore \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u044f\u0432\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c `compression_level: 0`:\n\nCODE_BLOCK_2\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 9.0+\n\nFilebeat 9.0 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0435 
\u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b, \u0437\u0430\u043c\u0435\u043d\u044f\u044f \u0442\u0438\u043f \u0432\u0432\u043e\u0434\u0430 `log` \u043d\u0430 `filestream`. \u041d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 9.0, \u043c\u0435\u0442\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u043c\u0435\u043d\u0438\u043b\u0441\u044f \u043d\u0430 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043e\u043a (fingerprint), \u0447\u0442\u043e \u0442\u0440\u0435\u0431\u0443\u0435\u0442, \u0447\u0442\u043e\u0431\u044b \u0444\u0430\u0439\u043b\u044b \u0431\u044b\u043b\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 1024 \u0431\u0430\u0439\u0442 ([\u0441\u043c. issue #44780](https://github.com/elastic/beats/issues/44780)). 
\u0414\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u0438 Manticore \u0441 \u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u043b\u044e\u0431\u043e\u0433\u043e \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e \u043f\u043e \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u0443.\n\n\u0412\u043e\u0442 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Filebeat 9.0 \u0438 \u0432\u0441\u0435\u0445 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439:\n\nCODE_BLOCK_3\n\n**\u0412\u0430\u0436\u043d\u044b\u0435 \u0437\u0430\u043c\u0435\u0447\u0430\u043d\u0438\u044f \u0434\u043b\u044f Filebeat 9.0+:**\n- \u0412\u0432\u043e\u0434 `type: filestream` \u0437\u0430\u043c\u0435\u043d\u044f\u0435\u0442 \u0441\u0442\u0430\u0440\u044b\u0439 `type: log`\n- \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 `prospector.scanner.fingerprint.enabled: false` **\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u0430** \u0434\u043b\u044f \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0444\u0430\u0439\u043b\u043e\u0432 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u043e\u0442\u043f\u0435\u0447\u0430\u0442\u043a\u0430, \u0447\u0442\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u043d\u0430\u0434\u0435\u0436\u043d\u0443\u044e \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0443 \u0444\u0430\u0439\u043b\u043e\u0432 \u0440\u0430\u0437\u043c\u0435\u0440\u043e\u043c \u043c\u0435\u043d\u0435\u0435 1024 \u0431\u0430\u0439\u0442\n- \u041f\u043e\u043b\u0435 `id` 
\u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0434\u043b\u044f \u0432\u0432\u043e\u0434\u043e\u0432 \u0442\u0438\u043f\u0430 filestream \u0438 \u0434\u043e\u043b\u0436\u043d\u043e \u0431\u044b\u0442\u044c \u0443\u043d\u0438\u043a\u0430\u043b\u044c\u043d\u044b\u043c\n\n## \u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b Filebeat\n\n\u041f\u043e\u0441\u043b\u0435 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 Filebeat \u0441 \u044d\u0442\u043e\u0439 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0435\u0439 \u0434\u0430\u043d\u043d\u044b\u0435 \u043b\u043e\u0433\u043e\u0432 \u0431\u0443\u0434\u0443\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0432 Manticore \u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0438\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u044b. \u0412\u043e\u0442 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0438\u0440\u0443\u044e\u0449\u0430\u044f \u0441\u0445\u0435\u043c\u0430 \u0442\u0430\u0431\u043b\u0438\u0446\u044b, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 Manticore, \u0438 \u043f\u0440\u0438\u043c\u0435\u0440 \u0432\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430:\n\nCODE_BLOCK_4\n\nCODE_BLOCK_5\n"
},
"is_code_or_comment": false,
"model": "deepseek/deepseek-v3.2",
"updated_at": 1770287235
}
}