The Elastic Agent collects Filebeat logs. Within 'Fleet' I have the system-1 default. This module collects the logs form usual logfiles like /var/log/syslog* etc.
But also the logs from /var/lib/elastic-agent/logs/default/filebeat-json.log. Now I have all events duplicated. The latter ones are not parsed, the logs from /var/log are correctly parsed.
Why are there logs also collected?
Thanks,
Herman
We definitively should not ship the logs twice. @blaker Could you comment on this?
That is because of elastic/beats#19179. We need to fix the logging we start filebeat and metricbeat with so that every published event is not logged.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.