The Elastic Agent collects Filebeat logs. Within 'Fleet' I have the system-1 default. This module collects the logs form usual logfiles like /var/log/syslog* etc.
But also the logs from /var/lib/elastic-agent/logs/default/filebeat-json.log. Now I have all events duplicated. The latter ones are not parsed, the logs from /var/log are correctly parsed.
Why are there logs also collected?
Thanks,
Herman
We definitively should not ship the logs twice. @blaker Could you comment on this?
That is because of elastic/beats#19179. We need to fix the logging we start filebeat and metricbeat with so that every published event is not logged.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.