Stack Overflow
Stack Overflow

Questions tagged [filebeat]

Filebeat is a lightweight, open source shipper for log file data. As the next-generation Logstash Forwarder, Filebeat tails logs and quickly sends this information to Logstash for further parsing and enrichment or to Elasticsearch for centralized storage and analysis.

Filebeat is a lightweight, open source shipper for log file data. As the next-generation Logstash Forwarder, Filebeat tails logs and quickly sends this information to Logstash for further parsing and enrichment or to Elasticsearch for centralized storage and analysis. See more details

1457 questions
2
votes
1 answer

Can't connect Filebeat to Logstash

I am new to elasticsearch and I am following the tutorial here: I have hit a stumbling block as I can connect the servers with the ELK-stack configured with the server that is logging activity to FileBeat. I have narrowed it down to an issue with…
0xsegfault
  • 2,899
  • 6
  • 28
  • 58
2
votes
0 answers

Filebeat 6.2 cannot parse json logs of docker container

My application logs in json format like {"verified": true, "id": 42, "date": "bla"} and I want to forward this as json with filebeat (6.2.4). However, because the applications runs inside docker, the log is written to…
christian
  • 9,412
  • 10
  • 41
  • 51
2
votes
2 answers

FileBeat configuration test with output

I am trying to test my configuration using filebeat test ouput -e -c filebeat.yml i see only the help message with command list. I am actually trying to output the data file to verify. Though i have tested filebeat test config -e -c filebeat.yml…
Raghuveer
  • 2,859
  • 7
  • 34
  • 66
2
votes
1 answer

ELK stack custom fields

I am quite new to ELK stack and trying to add custom fields in filebeats. I have siebel error codes present in message field, i am trying to create a custom field for error code to be displayed as a separate field in kibana dashboard. Below is the…
Parinita Vinod
  • 31
  • 3
2
votes
0 answers

Data not showing up in Kibana dashboard but is being sent by filebeat

I am using filebeat to send logs to logstash, do processing and then send to ES. But somehow the log in being sent by filebeat but it gets lost before reaching anywhere in ES or kibana. I have set log level to debug on filebeat to check if logs are…
Shantanu Deshpande
  • 508
  • 1
  • 8
  • 17
2
votes
1 answer

Filebeat to monitor logs of several containers which are inside the containers

I have one question, Is there any way to ship the logs of each container where the log files are located inside the containers. Actually, the current flow will help to ship the log files which is located in the default…
Shobanil more
  • 231
  • 2
  • 3
  • 10
2
votes
1 answer

ELK in Docker and Beats in a machine in a different network

I was trying to configure ELK in docker containers in my private network and A Linux box with beats in another private network. I was trying to generate SSL cert for Filebeat to verify the identity of ELK Server. I tried using the public IP of the…
krishna chandu
  • 33
  • 4
2
votes
1 answer

how can i store in two index using two JSON formated log files using filebeat and output to elasticsearch

below is my configuration file for filebeat which is present in /etc/filebeat/filebeat.yml, it throws an error of Failed to publish events: temporary bulk send failure filebeat.prospectors: - paths: - /var/log/nginx/virus123.log …
Virendra Singh
  • 297
  • 3
  • 9
2
votes
1 answer

What should be the grok pattern for thoses logs ? (ingest pipeline for filebeat)

I'm new in the elasticsearch community and I would like your help on something I'm struggeling with. My goal is to send huge quantity of log files to Elasticsearch using Filebeat. In order to do that I need to parse data using ingest nodes with Grok…
denis jardot
  • 33
  • 5
2
votes
1 answer

How to set up a secure connection between Filbeat and Elasticsearch using SSL

I'm unable to setup an SSL connection between Filebeat and Elasticsearch. My knowledge is lacking when it comes to SSL. I'm using X-Pack to generate a certificate using the certutil command. bin/xpack/certutil ca generates a certificate authority…
Nmap2myHeartBeat
  • 71
  • 7
2
votes
3 answers

Filebeat gives: object mapping for [error] tried to parse field [error] as object, but found a concrete value

In elastic search i have created an ingest pipeline with the next grok pattern: OK…
Janp95
  • 534
  • 8
  • 27
2
votes
0 answers

ELK, File beat cut some text from message

I have ELK(filebeat->logstash->elasticsearch<-kibana) running on win10. I gave the following two lines, then I found filebeat not sending whole text, rather some head/front texts are cut. 2018-04-27 10:42:49 [http-nio-8088-exec-1] - INFO -…
user84592
  • 4,750
  • 11
  • 55
  • 91
2
votes
1 answer

Docker-compose filebeat connection issue to logstash

I am running logstash and filebeat inside separate docker-compose.yml. But filebeat cannot connect to logstash. I can properly telnet into logstash telnet 127.0.0.1 5044 after I wait for the logstash pipelines to start. Filebeat cannot create a…
Joey Lee
  • 21
  • 1
  • 3
2
votes
1 answer

Filebeat - Failed to publish events caused by: read tcp x.x.x.x:36196->x.x.x.x:5045: i/o timeout

Hi i'm running into a problem while sending logs via filebeat to logstash: In short - Can't see logs in kibana - when tailing the filebeat log I see a lot of these: ERROR logstash/async.go:235 Failed to publish events caused by: read tcp…
Tomer Lev
  • 71
  • 1
  • 3
2
votes
0 answers

Extract Filebeat prospector path regexp match to field

I wonder if there's anyway to extract regexp match of Filebeat prospector path to a field, for ex. something like: filebeat.prospectors: - type: log enabled: true paths: - /var/logs/apps/[(a-z)]/*.log json.keys_under_root: true …
Idan Gozlan
  • 3,173
  • 3
  • 30
  • 47
1 2 3
97 98