I have filebeat version 6.2.3 and I have configured the output to elasticsearch and set the default prospector to "enabled: true".
I have enabled the system module. When I go to the Discover tab I only see the default fields; there are no system fields. Is the default prospector somehow messing with the system module? I am using default settings for everything.
I have changed the default prospector log line to point to some other log file and now I am not getting any logs into my elasticsearch from the system module. The filebeat log says:
2018-04-16T21:01:37.765-0400 INFO log/prospector.go:111 Configured paths: [/var/log/auth.log* /var/log/secure*]
2018-04-16T21:01:37.765-0400 INFO log/prospector.go:111 Configured paths: [/var/log/messages* /var/log/syslog*]
2018-04-16T21:01:37.765-0400 INFO cfgfile/reload.go:258 Starting 1 runners ...
2018-04-16T21:01:37.766-0400 INFO elasticsearch/client.go:145 Elasticsearch url: https://xx:9200
2018-04-16T21:01:37.774-0400 INFO elasticsearch/client.go:690 Connected to Elasticsearch version 6.2.3
2018-04-16T21:01:37.778-0400 INFO log/harvester.go:216 Harvester started for file: /var/log/auth.log
2018-04-16T21:01:37.778-0400 INFO log/harvester.go:216 Harvester started for file: /var/log/syslog
But nothing appears in the filebeat index except for the random log I put into the filebeat.yml file.