We have a log file we are harvesting with Filebeat on some Windows hosts (2008 R2 Datacenter). Whenever the filebeat service is restarted the file gets fully resent. Here the log of filebeat shutting down: 2017-03-15T18:16:10+02:00 INFO No non-zero metrics in the last 30s 2017-03-15T18:16:26+02:00…

What @ruflin mentioned in the other post caught my eye: I remember we had an issue about path matching in the 5.0-beta versions but this should have been fixed. We too use slashes as path separators for the monitored files like @Steiniche . I tested changing it to backslashes and it works correct…

Duplicate events with Filebeat on windows on service restart

Elastic Stack Beats

ruflin (ruflin) March 21, 2017, 8:16am 12

Ok, so in 5.2 we can "solve" the problem by telling the user to use option 2 or 3 for the path config and in 5.3 it should be solved already.

After filebeat upgrades & preserving registry it sending duplicate events

Topic		Replies	Views
Filebeat duplicates events after restart Beats filebeat	1	603	February 7, 2022
Filebeat sent duplicate events after the log file renamed - Windows Beats filebeat	0	76	June 19, 2024
Filebeat skipping events after after restarting to harvest Beats filebeat	5	1538	April 27, 2018
After filebeat upgrades & preserving registry it sending duplicate events Beats filebeat	15	809	October 14, 2022
Filebeat publishing the whole log again Beats filebeat	6	1996	May 1, 2017

Duplicate events with Filebeat on windows on service restart

Related topics