Hi
I have installed filebeat (5.2.2) in my windows server and sending logs to logstash (5,.2.2.) which is installed on linux server. I am unable to view logs in the Kibana dashboard.
Cant see any error either in logstash or Filebeat logs.
There is a filebeat agent which is installed in logstash server as well and i can see the logs it writes in Kibana dashboard. ( i can see the logs processing at logstash dir from wind logs)
Is it possible to send from windows filebeat to elastic stack installed on unix filebeat.
hi @kunal16, that should be possible, can you check if you can access the Logstash endpoint from the windows machine Filebeat is installed on?
Also, can you enable debug logging (setting found in the filebeat.yml file) and check if the logs are successfully sent to Logstash
Hi Mariana
Thanks for replying, Yes i have done a ping from windows machine where filebeat is installed and i am receiving the response.
Infact the logs are successfully processed from filebeat server (windows machine) .
File beat logs
2020-05-29T04:02:38+02:00 DBG Start next scan
2020-05-29T04:02:38+02:00 DBG Check file for harvesting: D:\Kunal\Filebeat_test_log.txt
2020-05-29T04:02:38+02:00 DBG Update existing file for harvesting: D:\Kunal\Filebeat_test_log.txt, offset: 219
2020-05-29T04:02:38+02:00 DBG Harvester for file is still running: D:\Kunal\Filebeat_test_log.txt
2020-05-29T04:02:38+02:00 DBG Prospector states cleaned up. Before: 1, After: 1
2020-05-29T04:02:39+02:00 DBG Flushing spooler because of timeout. Events flushed: 0
2020-05-29T04:02:43+02:00 DBG End of file reached: D:\Kunal\Filebeat_test_log.txt; Backoff now.
2020-05-29T04:02:44+02:00 DBG Flushing spooler because of timeout. Events flushed: 1
2020-05-29T04:02:44+02:00 DBG Publish: {
"@timestamp": "2020-05-29T02:02:43.930Z",
"ENVIRONMENT": "prod",
"PROGRAM": "a2742_sfa",
"beat": {
"hostname": "psfa2k001",
"name": "psfa2k001",
"version": "5.2.2"
},
"input_type": "log",
"message": "Removing upper lines ",
"offset": 242,
"source": "D:\\Kunal\\Filebeat_test_log.txt",
"type": "syslog"
}
2020-05-29T04:02:44+02:00 DBG output worker: publish 1 events
2020-05-29T04:02:44+02:00 DBG Try to publish 1 events to logstash with window size 10
2020-05-29T04:02:44+02:00 DBG 1 events out of 1 events sent to logstash. Continue sending
2020-05-29T04:02:44+02:00 DBG send completed
2020-05-29T04:02:44+02:00 DBG Events sent: 1
2020-05-29T04:02:44+02:00 DBG Processing 1 events
2020-05-29T04:02:44+02:00 DBG Registrar states cleaned up. Before: 1, After: 1
2020-05-29T04:02:44+02:00 DBG Write registry file: C:\ProgramData\filebeat\registry
2020-05-29T04:02:44+02:00 DBG Registry file updated. 1 states written.
Now when i try to see the logs in Kibana dashboard , it shows me processed from logstash host rather than windows host
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.