Hi, Colleagues!
I have installed ELK on Windows and it was all good, until I changed my Filebeat configuration to test some stuff. Now I can't get it to work again.
The structure is FB > LS > ES > K
My FB configuration is:
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/*.log
output.logstash:
  hosts: ["localhost:5044"]
My LS config is:
input
{
  beats
  {
    port => 5044
  }
}
filter {...}
output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "logstash-%{+YYYY.MM.dd}"
  }
}
The FB output is:
2017/08/21 09:37:56.675087 beat.go:285: INFO Home path: [C:\Proyectos\filebeat] Config path: [C:\Proyectos\filebeat] Data path: [C:\Proyectos\filebeat\data] Logs path: [C:\Proyectos\filebeat\logs]
2017/08/21 09:37:56.676048 beat.go:186: INFO Setup Beat: filebeat; Version: 5.5.1
2017/08/21 09:37:56.675087 metrics.go:23: INFO Metrics logging every 30s
2017/08/21 09:37:56.677044 logstash.go:90: INFO Max Retries set to: 3
2017/08/21 09:37:56.678048 outputs.go:108: INFO Activated logstash as output plugin.
2017/08/21 09:37:56.678048 publish.go:238: DBG Create output worker
2017/08/21 09:37:56.679054 publish.go:280: DBG No output is defined to store the topology. The server fields might not be filled.
2017/08/21 09:37:56.680052 publish.go:295: INFO Publisher name: PC
2017/08/21 09:37:56.717196 async.go:63: INFO Flush Interval set to: 1s
2017/08/21 09:37:56.718154 async.go:64: INFO Max Bulk Size set to: 2048
2017/08/21 09:37:56.718154 async.go:72: DBG create bulk processing worker (interval=1s, bulk size=2048)
2017/08/21 09:37:56.722165 beat.go:221: INFO filebeat start running.
2017/08/21 09:37:56.723168 registrar.go:85: INFO Registry file set to: C:\Proyectos\filebeat\data\registry
2017/08/21 09:37:56.727178 registrar.go:106: INFO Loading registrar data from C:\Proyectos\filebeat\data\registry
2017/08/21 09:37:56.728180 registrar.go:123: INFO States Loaded from registrar:0
2017/08/21 09:37:56.729186 registrar.go:236: INFO Starting Registrar
2017/08/21 09:37:56.729186 sync.go:41: INFO Start sending events to output
2017/08/21 09:37:56.729186 spooler.go:63: INFO Starting spooler: spool_size: 2048; idle_timeout: 5s
2017/08/21 09:37:56.729186 crawler.go:38: INFO Loading Prospectors: 1
2017/08/21 09:37:56.731189 prospector_log.go:65: INFO Prospector with previous states loaded: 0
2017/08/21 09:37:56.733195 prospector.go:124: INFO Starting prospector of type:log; id: 17005676086519951868
2017/08/21 09:37:56.734197 crawler.go:58: INFO Loading and starting Prospectors completed. Enabled prospectors: 1
The problem I'm having seems to be that FB isn't able to see the files, but since I was able to do that in the past, I don't think it is anything related to the permissions. Any idea what it could be?
Thanks a lot!