We have a log file we are harvesting with Filebeat on some Windows hosts (2008 R2 Datacenter). Whenever the filebeat service is restarted the file gets fully resent. Here the log of filebeat shutting down: 2017-03-15T18:16:10+02:00 INFO No non-zero metrics in the last 30s 2017-03-15T18:16:26+02:00…

What @ruflin mentioned in the other post caught my eye: I remember we had an issue about path matching in the 5.0-beta versions but this should have been fixed. We too use slashes as path separators for the monitored files like @Steiniche . I tested changing it to backslashes and it works correct…

ruflin (ruflin) March 21, 2017, 8:16am 12

Ok, so in 5.2 we can "solve" the problem by telling the user to use option 2 or 3 for the path config and in 5.3 it should be solved already.

After filebeat upgrades & preserving registry it sending duplicate events

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Duplicate events with Filebeat on windows on service restart