Questions tagged [filebeat]

Filebeat is a lightweight, open source shipper for log file data. As the next-generation Logstash Forwarder, Filebeat tails logs and quickly sends this information to Logstash for further parsing and enrichment or to Elasticsearch for centralized storage and analysis.

1457 questions
0 votes, 1 answer

Filebeat from elasticsearch will not filter

filebeat is not filtering messages. Below is the message "message": "172.31.25.199 - - [07/Jun/2016:13:07:26 +0000] \"GET /api HTTP/1.1\" 200 27 \"-\" \"ELB-HealthChecker/1.0\"", I want to filter for "ELB-HealthChecker/1.0\" and exclude. Yet I see…
Tampa
0 votes, 2 answers

Logstash: Unable to filter apache vhost_combined custom log and post them into Elasticsearch

I need to filter the following apache vhost log format with Geo IP. So that grok can understand and work smoothly. Exact log format: LogFormat "%V:%p %h %l %u %t \"%r\" %>s %O %T %D \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined_custom You see %T…
rayhan
0 votes, 0 answers

FileBeat doesn't seem to be doing anything

I have FileBeat installed as a service and I've set the following config: filebeat: prospectors: - paths: - C:\LogFiles\log.log input_type: filebeat registry_file: "C:/ProgramData/filebeat/registry" output: …
BanksySan
0 votes, 1 answer

Logstash stopping when metadata is in output

I am trying to set up ELK Stack following this tutorial: https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04 However, there is a problem with Logstash: the service is stopping…
funkifunki
0 votes, 4 answers

Filebeat is not forwarding logs

I followed all the steps mentioned here readthedocs but my filebeat is not sending logs to the url http://localhost:9200/_search?pretty. my filebeat.yml file is - https://ghostbin.com/paste/rrjeh I didn't config any logstash file as mentioned. my…
0 votes, 1 answer

Log inactivity monitoring in ELK stack

I am configuring an ELK stack server with filebeat which monitors log files and sends to Logstash. Is it possible to configure an alerting mechanism either at filebeat or Logstash level such that we get an alert in case the logs being monitored are no…
Vikas J
0 votes, 1 answer

Problems with Dockerbeats dashboard containerName field

I have dockerbeats set up on a local cluster that is running ELK stack and some other misc. dockers (all containers controlled via kubernetes). I set up the dashboard from Ingensi (Ingensi dockerbeat Dashboard) for kibana and ran into an issue with…
0 votes, 1 answer

Filebeat with ELK > how to build indices per log file efficiently

I plan to make use of Filebeat(s) to copy log files from a predetermined directory of each node to a common Elasticsearch database by means of Logstash. For instance, in the source directory there are 10 log files with the same log format and they…
Rui
0 votes, 1 answer

Elasticsearch > Is it possible to build indices on base of FIELDS

In the context of ELK (Elasticsearch, Logstash, Kibana), I learnt that Logstash has FILTER to make use of grok to divide log messages into different fields. According to my understanding, it only helps to make the unstructured log data into more…
Rui
0 votes, 1 answer

How filebeat checks for new content in a file?

Does filebeat use tail -f to check for new contents in a file and then flush it over to the desired output? Or is there any other way it checks for new contents in a file?
droidlabour
0 votes, 0 answers

Error for Configuring Logstash in Linux (still runnable)

I have encountered some issues configuring Logstash. I have used filebeats to forward logs and it went well the first time. But when I close and reopen the terminal to configure logstash and filebeats. An error comes even Kibana UI…
0 votes, 1 answer

Does Elastic Topbeats show process arguments

Elastic (Elasticsearch) Topbeat looks very interesting. But, if I have a host with several processes all the same binary, i.e. java, python, etc., they can only be identified by looking at the subsequent command line arguments. I've just started…
David Hall
0 votes, 0 answers

Make a field as an "INDEXED" in elasticsearch

I am using ELK stack with filebeat. I am using a default template for mapping. I am not getting all needed fields as "indexed" Here is my mapping file, { "mappings": { "_default_": { "_all": { "enabled": true, "norms":…
0 votes, 1 answer

error indexing into elasticsearch from filebeat and logstash

I set up an elk stack to consume log files locally; now I am trying to add filebeat which will output to logstash for filtering before being indexed into elasticsearch. here is my configuration filebeat.yml: prospectors: # Each - is a prospector.…
0 votes, 1 answer

where the log files stored - filebeat and logstash

I have installed the ELK with Filebeat. I followed this blog for setup : https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04#set-up-filebeat(add-client-servers) When I tested…