Questions tagged [filebeat]

Filebeat is a lightweight, open source shipper for log file data. As the next-generation Logstash Forwarder, Filebeat tails logs and quickly sends this information to Logstash for further parsing and enrichment or to Elasticsearch for centralized storage and analysis.


1457 questions
2
votes
0 answers

Adding values in scripted field in Kibana

I am writing Scripted Fields in Kibana. I am able to run simple query successfully but I need to add two different fields in single scripted field. The query looks as follows: if((doc['some_field'].value=some value) && (doc['some_field2'].value=some…
MinakshiG
  • 51
  • 2
2
votes
1 answer

logging nginx events from a docker container managed by kubernetes

Currently, to my understanding, kubernetes offers no logging solutions on its own and it also does not allow one to specify the logging driver when using docker as the container technology due to scope encapsulation concerns. This leaves folks with…
omu_negru
  • 4,642
  • 4
  • 27
  • 38
2
votes
3 answers

Filebeat Kubernetes Processor and filtering

I am trying to ship my K8s pod logs to Elasticsearch using Filebeat. I am following the guide online here: https://www.elastic.co/guide/en/beats/filebeat/6.0/running-on-kubernetes.html Everything works as expected however I want to filter out events…
timothyclifford
  • 6,799
  • 7
  • 57
  • 85
2
votes
1 answer

Is it possible to configure multiple output for a filebeat?

In one of our applications we parse the application logs using logstash and indexing them into elasticsearch. Our simple architecture is logfiles ---> filebeat--->logstash-----> elasticsearch. As we enabled multiple log files example (apachelogs,…
Sarathy
  • 442
  • 2
  • 9
  • 20
2
votes
1 answer

Escaping `/**` in asciidoc

My goal I am trying to submit a fix to the Filebeat documentation, written in asciidoc. Source Currently it is not possible to recursively fetch all files in all subdirectories of a directory. However, the /** pattern can be used to fetch all…
Adam Matan
  • 128,757
  • 147
  • 397
  • 562
2
votes
1 answer

Nginx module for filebeats doesn't parse access logs

I am using nginx module for filebeats to send log data to elasticsearch. Here is my filebeats configuration: output: logstash: enabled: true hosts: - logstash:5044 timeout: 15 filebeat.modules: - module: nginx access: …
Uros K
  • 3,274
  • 4
  • 31
  • 45
2
votes
1 answer

What's the difference between `_type` and `type` in elasticsearch from filebeat?

What's the difference between _type and type in elasticsearch from filebeat? Looking at the data from the query: Looks like the _type is the doc type from index, and type is just a field of my source data. If it is, why does filebeat set…
Xin
  • 33,823
  • 14
  • 84
  • 85
2
votes
1 answer

Volume mapped filebeat.yml permissions from Docker on a Windows host

I'm trying to run the official 5.4.3 Filebeat docker container via VirtualBox on a Windows host. Rather than creating a custom image, I'm using a volume mapping to pass the filebeat.yml file to the container using the automatically created…
Nathan Baulch
  • 20,233
  • 5
  • 52
  • 56
2
votes
0 answers

Filtering with Filebeat and regex

Saw a similar post regarding filtering Filebeat output, but my case is complicated by the existence of a double quote and slashes and backslashes within the message string. Here is the message field in Filebeat: "message":"162.246.216.28 -…
Stiv Ostenberg
  • 607
  • 5
  • 9
2
votes
2 answers

Push from Filebeat to Elasticsearch with custom _type and _id

The problem is to push json logs collected by Filebeat to Elasticsearch with defined _type and _id. Default elastic _type is "log" and _id is smth. like "AVryuUKMKNQ7xhVUFxN2". My log row: {"unit_id":10001,"node_id":1,"message":"Msg ..."} Desired…
Dmitry
  • 846
  • 1
  • 7
  • 20
2
votes
0 answers

How filebeat works in case of failure in destination?

Quoting from the documentation "In situations where the defined output is blocked and has not confirmed all events, Filebeat will keep trying to send events until the output acknowledges that it has received the events" My question here is as…
hello world
  • 660
  • 2
  • 6
  • 25
2
votes
1 answer

Can I use golang on Solaris 5.10?

I'm trying to use golang on Solaris 5.10 i86c (x86 + x86_64) but I can't find a package made for Solaris. In addition, I want this to make a binary file for Filebeat which runs in Solaris 5.10 systems. The actual release of Filebeat (amd64) doesn't…
2
votes
0 answers

Filebeat to Logstash ERR wsarecv, wsasend

I am using ELK stack version 5.1.2 and I have a problem with sending logs from one worker (node) to the central server. I configured everything on localhost and it worked perfectly, but not on the development environment. On localhost I used SSL, but now I…
Loutocký
  • 822
  • 2
  • 15
  • 28
2
votes
2 answers

How I can config multiline in logstash 5.1.2 for tomcat/java

I use version 5.1.2 of logstash, filebeat, elasticsearch... "ELK". I try to send logs from a tomcat server (catalina.out and apps-java logs) but can't because I have problems with the config of the logstash multiline filter/codec. I follow this…
guare
  • 23
  • 1
  • 4
2
votes
1 answer

How to create filebeat index pattern in kibana?

I'm currently using ELK stack with filebeat. I'm able to map the apache log file contents to Elasticsearch server in json format. Now I would like to know how to create an index pattern for filebeat in kibana? Followed below link but that did not…
meshsf
  • 163
  • 2
  • 14