Hello guys,
I have a problem creating a new custom index for filebeat. When I used the default filebeat index it ran without issues and I could see it on kibana, but when I tried to create a new one although I had created a new pattern and index on kibana ( name access ) it doesn't seem to load any log files on es. Could it be that the index has already some docs (I had previously load some logs manually to it) but I ve tried with other index names too.
I 've searched through it a lot, debug yml file seems fine, tried also solutions for similar issues but still nothing. Any ideas what could be wrong ?
Here is my config file:
> filebeat.inputs:
>
> # Each - is an input. Most options can be set at the input level, so
> # you can use different inputs for various configurations.
> # Below are the input specific configurations.
>
> - type: log
>
> # Change to true to enable this input configuration.
> enabled: true
>
> # Paths that should be crawled and fetched. Glob based paths.
> paths:
> - C:\logs\*.log
>
> #============================= Filebeat modules ===============================
>
> filebeat.config.modules:
> # Glob pattern for configuration loading
> path: ${path.config}/modules.d/*.yml
>
> # Set to true to enable config reloading
> reload.enabled: false
>
> # Period on which files under path should be checked for changes
> #reload.period: 10s
>
> #==================== Elasticsearch template setting ==========================
>
> setup.template.settings:
> index.number_of_shards: 1
> #index.codec: best_compression
> #_source.enabled: false
>
> setup.kibana:
> # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
> host: "localhost:5601"
> setup.dashboards.index : "NEW_INDEX-*"
>
> #-------------------------- Elasticsearch output ------------------------------
> output.elasticsearch:
> # Array of hosts to connect to.
> hosts: ["localhost:9200"]
> index: "access-%{+yyyy.MM.dd}"
> #"access-%{+yyyy.MM.dd}"
> # Optional protocol and basic auth credentials.
> #protocol: "https"
> username: "elastic"
> password: "psgtKIPvJSdx7R8onFtv4STn"
> setup.kibana:
> host: "localhost:5601"
>
>
> setup.template:
> name: "access"
> pattern: "access-*"
> enabled: true
> setup.ilm.enabled: false
>
> #================================ Processors =====================================
>
> # Configure processors to enhance or manipulate events generated by the beat.
>
> processors:
> - decode_json_fields:
> fields: ["log"]
> target: ""
> overwrite_keys: true
> - add_docker_metadata: ~
> indent preformatted text by 4 spaces
Thanks a lot!