Does windows filebeat work with rest of elastic stack on linux

Hi
I have installed filebeat (5.2.2) in my windows server and sending logs to logstash (5,.2.2.) which is installed on linux server. I am unable to view logs in the Kibana dashboard.
Cant see any error either in logstash or Filebeat logs.
There is a filebeat agent which is installed in logstash server as well and i can see the logs it writes in Kibana dashboard. ( i can see the logs processing at logstash dir from wind logs)

Is it possible to send from windows filebeat to elastic stack installed on unix filebeat.

hi @kunal16, that should be possible, can you check if you can access the Logstash endpoint from the windows machine Filebeat is installed on?
Also, can you enable debug logging (setting found in the filebeat.yml file) and check if the logs are successfully sent to Logstash

Hi Mariana
Thanks for replying, Yes i have done a ping from windows machine where filebeat is installed and i am receiving the response.
Infact the logs are successfully processed from filebeat server (windows machine) .
File beat logs

2020-05-29T04:02:38+02:00 DBG  Start next scan
2020-05-29T04:02:38+02:00 DBG  Check file for harvesting: D:\Kunal\Filebeat_test_log.txt
2020-05-29T04:02:38+02:00 DBG  Update existing file for harvesting: D:\Kunal\Filebeat_test_log.txt, offset: 219
2020-05-29T04:02:38+02:00 DBG  Harvester for file is still running: D:\Kunal\Filebeat_test_log.txt
2020-05-29T04:02:38+02:00 DBG  Prospector states cleaned up. Before: 1, After: 1
2020-05-29T04:02:39+02:00 DBG  Flushing spooler because of timeout. Events flushed: 0
2020-05-29T04:02:43+02:00 DBG  End of file reached: D:\Kunal\Filebeat_test_log.txt; Backoff now.
2020-05-29T04:02:44+02:00 DBG  Flushing spooler because of timeout. Events flushed: 1
2020-05-29T04:02:44+02:00 DBG  Publish: {
  "@timestamp": "2020-05-29T02:02:43.930Z",
  "ENVIRONMENT": "prod",
  "PROGRAM": "a2742_sfa",
  "beat": {
    "hostname": "psfa2k001",
    "name": "psfa2k001",
    "version": "5.2.2"
  },
  "input_type": "log",
  "message": "Removing upper lines ",
  "offset": 242,
  "source": "D:\\Kunal\\Filebeat_test_log.txt",
  "type": "syslog"
}
2020-05-29T04:02:44+02:00 DBG  output worker: publish 1 events
2020-05-29T04:02:44+02:00 DBG  Try to publish 1 events to logstash with window size 10
2020-05-29T04:02:44+02:00 DBG  1 events out of 1 events sent to logstash. Continue sending
2020-05-29T04:02:44+02:00 DBG  send completed
2020-05-29T04:02:44+02:00 DBG  Events sent: 1
2020-05-29T04:02:44+02:00 DBG  Processing 1 events
2020-05-29T04:02:44+02:00 DBG  Registrar states cleaned up. Before: 1, After: 1
2020-05-29T04:02:44+02:00 DBG  Write registry file: C:\ProgramData\filebeat\registry
2020-05-29T04:02:44+02:00 DBG  Registry file updated. 1 states written. 

Now when i try to see the logs in Kibana dashboard , it shows me processed from logstash host rather than windows host

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.