Stack Overflow
Stack Overflow

Questions tagged [filebeat]

Filebeat is a lightweight, open source shipper for log file data. As the next-generation Logstash Forwarder, Filebeat tails logs and quickly sends this information to Logstash for further parsing and enrichment or to Elasticsearch for centralized storage and analysis.

Filebeat is a lightweight, open source shipper for log file data. As the next-generation Logstash Forwarder, Filebeat tails logs and quickly sends this information to Logstash for further parsing and enrichment or to Elasticsearch for centralized storage and analysis. See more details

1457 questions
3
votes
2 answers

Filebeat 6.1.0 and exclude_lines option

I'm having some issues getting filebeat to exclude lines from apache2's access log. I've got the apache2.yml config enabled and it does exclude log files but not lines. Here's an example of the line I'm looking to exclude: example.site.com:80…
robscott27
  • 31
  • 3
3
votes
2 answers

error INFO No non-zero metrics in the last 30s message in filebeat

I 'm newbie in ELK and and I'm getting issues while running logstash. I ran logstash as define in structure step by step as I do for file beat but But when run filebeat and logstash, Its show logstash successfully runs at port 9600. In filebeat it…
Hadii Varposhti
  • 416
  • 4
  • 22
3
votes
3 answers

Filebeat/Logstash remove unwanted fields & values from output

My Filebeat configuration is very simple - - input_type: log paths: - C:\log\FilebeatInputTest.txt output.logstash: hosts: ["http://X.X.X.X:XXXX"] if I write something in ilebeatInputTest.txt like - This is from Filebeat I get output in…
CR Sardar
  • 921
  • 2
  • 17
  • 32
3
votes
1 answer

Filebeat multiline tag is not getting added for multiline event

What I have done: I have enabled multiline pattern in filebeat.yml file: multiline.pattern: '^[[:space:]]+|^Caused by:' multiline.negate: false multiline.match: after My sample log file contains multiline exceptions: Exception in thread…
Nilesh Rajani
  • 538
  • 6
  • 16
3
votes
1 answer

How start filebeat inside docker container?

I try to start filebeat inside dockercontainer. At the begining I try to start by this Dockerfile FROM tomcat:8.5 RUN rm -Rf /usr/local/tomcat/webapps/ROOT/* RUN mkdir /usr/local/tomcat/webapps-my COPY filebeat/ /opt/filebeat/ RUN chmod +x…
Alexey Vashchenkov
  • 233
  • 1
  • 4
  • 12
3
votes
4 answers

Beat and Logstash - Connection reset by peer

I have in the same machine Elasticsearh, Logstash and Beat/filebeat. Filebeat is configured to send information to localhost:5043. Logstash has a pipe configuration listening on port 5043. If I ran netstat -tuplen I see: [root@elk bin]# netstat…
Navarro
  • 1,284
  • 2
  • 17
  • 40
3
votes
1 answer

ELK stack + Filebeat for collecting Rails logs

I have installed an ELK stack on a Virtual Machine and I want to collect logs from some Ruby on Rails applications. On each vm where I have a Rails Application I have installed Filebeat with this config: filebeat: prospectors: - paths: …
kitz
  • 879
  • 2
  • 9
  • 24
3
votes
1 answer

Filebeat duplicating events

I am running a basic elk stack setup using Filebeat > logstash > elasticsearch > kibana - all on version 5.2 When I remove Filebeat and configure logstash to look directly at a file, it ingests the correct number of events. If I delete the data and…
N31lR
  • 31
  • 1
  • 4
3
votes
1 answer

YARN or HDFS logs in Filebeat

If I want to ingest logs which are present in HDFS into Filebeat, how can i do that? I can specify any directory that will be on local drives but i want the Filebeat to pick data from HDFS. Is there any way this can be done? Any help will be greatly…
saurabht
  • 51
  • 2
  • 11
3
votes
1 answer

How to check what Filebeat is sending to Logstash?

I already have Logstash configured to directly pick up files (Gatling logs), process them using custom logic, and send to Elasticsearch. And it's working fine. I'm now trying to setup Filebeat to send the files to it instead. The basics seem to work…
kaqqao
  • 12,984
  • 10
  • 64
  • 118
3
votes
1 answer

Filebeats doesn't foward Docker compose logs, why?

I am following this tutorial to set up a ELK stack (VPS B) that will receive some Docker/docker compose images logs (VPS A) using Beatfile as forwarder, my diagram is as shown below So far, I have managed to have all the interfaces with green ticks…
ndarkness
  • 1,011
  • 2
  • 16
  • 36
3
votes
0 answers

ELK not passing metadata from filebeat into logstash

Installed an ELK server via: https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-centos-7 It seems to work except for the filebeat connection; filebeat does not appear to be forwarding…
user3614014
  • 653
  • 1
  • 6
  • 22
3
votes
1 answer

Is there an official Docker image for Elastic Filebeat?

Is there an official Docker image for Elastic Filebeat? I see there are some community contributed ones, not sure if there is an official one.
Sahas
  • 3,046
  • 6
  • 32
  • 53
3
votes
1 answer

How to configure redis to act as message queue in elk and clear disk space as messages are consumed

I have ELK setup as belows Kibana <-- ElasticSearch <-- Logstash <-- FileBeat (fetching logs from different log sources) This setup breaks down when message inflow is more. As much I have read on internet folks have recommended to use redis in…
Mrunal Gosar
  • 4,595
  • 13
  • 48
  • 71
3
votes
2 answers

Filebeat - Read from remote directory

Is it possible to set file beat to read from remote directory (Since I can't install the process on that machine) I've set it up this way on the beats yml: filebeat: # List of prospectors to fetch data. prospectors: # Each - is a prospector.…
Amir Katz
  • 1,027
  • 1
  • 10
  • 24
1 2 3
97 98