Questions tagged [filebeat]

Filebeat is a lightweight, open source shipper for log file data. As the next-generation Logstash Forwarder, Filebeat tails logs and quickly sends this information to Logstash for further parsing and enrichment or to Elasticsearch for centralized storage and analysis.

1457 questions
0 votes, 1 answer

Mesos log output doesn't have year in it

The Mesos slave log file, which uses glog, doesn't have the year in it. It looks like this: W0225 15:24:41.816625 7651 slave.cpp:2024] ...... I'm using filebeat to forward the logs to logstash. Is there any way in mesos to force it to put the…
Oggie
0 votes, 1 answer

bad Timestamp in Filebeat for syslog file

I've configured ELK server with filebeat on client. The configuration seems ok but when I search for my log with kibana every syslog entry is referenced in year 2000 like this: { "_index": "filebeat-2000.02.09", "_type": "syslog", "_id":…
C.Rouillon
0 votes, 1 answer

Configure Logstash to wait before parsing a file

I wonder if you can configure logstash in the following way: Background Info: Every day I get an xml file pushed to my server, which should be parsed. To indicate a complete file transfer afterwards I get an empty .ctl (custom file) transferred to…
d.a.d.a
-1 votes, 0 answers

Elasticsearch does not log kibana due to filebeat

I'm trying to use Elasticsearch for logging. I did a little research and implemented some code in the application, which was developed with .NET 7. All services run almost without any problems. However, I can't see the logs in Kibana. I see the…
Recep Gunes
-1 votes, 1 answer

Ansible doesn't load environment variable to start filebeat

In my machine I have all envs in /etc/environment. I need to load one env to run a systemd service with a config file with that env. Here is my ansible code: - name: Enable filebeat become: true systemd: name: filebeat enabled: true …
Daniele
-1 votes, 1 answer

FileBeat Multiline Regular Expression

I have a log pattern as below, for which I am trying to create a regular expression that matches (the whole pattern). The lines have double spacing between them. How can I write a regex which captures double spacing 02/21/2022 08:48:41 AM com.myClass…
user1312312
-1 votes, 1 answer

filebeat @timestamp not overwritten parsing error

I see this warning in filebeat logs: 2022-11-08T15:24:21.094Z ERROR [jsonhelper] jsontransform/jsonhelper.go:62 JSON: Won't overwrite @timestamp because of parsing error: parsing time "2022-11-07T14:43:53.815430" as…
Emanuel
-1 votes, 1 answer

Filebeat regex for tomcat

I'm having trouble getting the correct regex for filebeat when using tomcat and log4j. For this log: 21/10/2022 16:04:37 ERROR en Clase: ExceptionLogger - MSN: test Exception.Class: BUSINESS EXCEPTION ErrorCode: 0 Usuario: test StackTrace: at…
dssof
-1 votes, 1 answer

How to change wazuh default index pattern from daily (wazuh-alerts-4.x-yyyy.mm.dd) to weekly (wazuh-alerts-4.x-xxxx.ww)

At first it seems to be an easy task since the config for creating this index is in /usr/share/filebeat/module/wazuh/alerts/ingest/pipeline.json { "date_index_name": { "field": "timestamp", "date_rounding": "d", …
Hiep Ho
-1 votes, 1 answer

Filebeats filebeat.yml file location

I've installed Filebeats in my machine, and I was wondering in which location the configuration file "filebeat.yml" should stay, once I've found 2 directories for Elastic C:\ProgramData\Elastic\Beats\filebeat -> [I can find also filebeat yml…
-1 votes, 1 answer

Running Filebeat on Docker Errors Out

I was following this https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html#_run_the_filebeat_setup docker run \ docker.elastic.co/beats/filebeat:8.0.0 \ setup -E setup.kibana.host=kibana:port \ -E…
-1 votes, 2 answers

Saltstack - File Serialization - Keep Empty lines, File content sequence and Comments intact

I am trying to use salt file serialization, but it is removing all empty lines, sorting the complete file in alphabetical order and removing all comments. I don't want these to happen. Tried to check here and here, but could not find anything. {%…
Sujeet Padhi
-1 votes, 1 answer

Ansible playbook - regexp | unable to change data in brackets and quotes

I've been trying to finish up a playbook for deploying a new server. I'm struggling with changing data within brackets containing quotes via lineinfile and a regex: - name: "Configuring: filebeat agent - configuring output to logstash" …
stuber
-1 votes, 2 answers

Kubernetes - How to deploy Filebeat on kubernetes?

I would like to know how I can deploy a basic Filebeat pod on Kubernetes? I need to configure a .yaml file but I don't know what I need to specify: apiVersion: apps/v1 kind: Deployment metadata: name: Filebeat labels: app: Filebeat spec: …
AC-1994
-1 votes, 1 answer

Logstash log processing from multiple source

I am new to elk stack. Let me explain what I am trying to do. I have an application that is running separately for different users i.e. 5 different users will have 5 independent instances of the same application. I am using filebeats to send the logs…