To whom it may concern, to all ELK fans out there who like to keep their logs backed up and ready for analysis, I’ve created a filebeat addon for Home Assistant.
I never liked the fact that i could not configure Home Assistant internal syslog to ship logs to ELK cluster so that i can have my logs backed up and i could always see the history.
That’s why I’ve created a Filebeat addon, which is basically a Filebeat running in a docker container, shipping your home-assistant.log AND journal logs (that means supervisor logs, other addon logs, kernel/audit logs etc) to elasticsearch cluster of your liking.
I’ve honestly done a lot of testing in past 30 days and so far everything looks stable. Just recently I’ve added the ability for addon to push searches and index pattern, and that yet i haven’t tested against multiple elasticsearch versions.
Some features of the addon:
- Ability to choose filebeat version (for different ES compatability)
- Some log lines are tagged with ‘deprecated’, ‘slow’ or similar to point to a potential issue in HA, you can search for those tags
- You can add your own ingest pipeline if you’d like
- Tweaking ssl.verification_mode option in case you have self-signed cert, you know that default option will complain!
- You can tweak number of shards/replicas
- You can select if you want filebeat to ship journal logs too, they can get large so you can disable this if you don’t need it.
- You can select to clear the cache, in case you’re doing some testing or adjusting, by enabling clear_cache it will remove filebeat cache and start shipping logs from start again.
But you can refer to all details, as well as installation instructions on my git repo.
Feel free to share some feedback or suggestions if you have any.
