0

I receive the data from filebeats in logstash but I do not see the value for [log][file][path]. I see othr people get the data in the logstash data, below is what I receive. There is no data from beats for the logpath. Thank you in advance for the help.

{
    "_index" : "%{merchant_id}",
    "_type" : "_doc",
    "_id" : "gpPkankB77M3Al5AC9Cs",
    "_score" : 1.0,
    "_source" : {
      "host" : {
        "name" : "53f955bf4e04"
      },
      "message" : "request: \nnull",
      "@version" : "1",
      "@timestamp" : "2021-05-08T09:50:26.090Z",
      "level" : "D",
      "stacktrace" : true,
      "ls_pipe" : "droid_log",
      "agent" : {
        "id" : "dffd6c5f-69e9-416c-b08c-f2229e6d477b",
        "name" : "53f955bf4e04",
        "version" : "7.12.1",
        "type" : "filebeat",
        "ephemeral_id" : "6417dd44-79fd-44a9-8798-5ae188f9fe62",
        "hostname" : "53f955bf4e04"
      },
      "device" : {
        "id" : "1850006639",
        "tid" : "3786",
        "pid" : "3732"
      },
      "tags" : [
        "beats_input_codec_plain_applied",
        "_grokparsefailure"
      ],
      "input" : {
        "type" : "log"
      },
      "ecs" : {
        "version" : "1.8.0"
      },
      "logger" : "postiliondriver.parameters.PostilionParamDownloadBase"
    }
  }

Logstash Config

beats

BKruger
  • 31
  • 4
  • Share your filebeat config and your logstash pipeline config, you seem to have some errors in your pipeline. – leandrojmp May 14 '21 at 13:52

1 Answers1

0

You have a drop_fields processor in your filebeat.yml that is dropping the log field.

If you drop the field you can't use it in logstash because it does not exists in your message.

Remove the log field from the drop_fields processor and try again.

leandrojmp
  • 7,082
  • 2
  • 19
  • 24