I did what you said. In my filebeat I removed the line with logs, now my filebeat looks like this:
filebeat.inputs:
- type: log
paths:
- /var/lib/docker/docker/containers/*/*.log
json.keys_under_root: true
json.add_error_key: true
json.overwrite_keys: true
multiline.pattern: '^[[[:space:]]]'
multiline.negate: false
multiline.match: after
output.logstash:
hosts: ["XX:XX:XX:XX:XX:XX:XX:5044"]
I also fixed my logstash.conf
input {
beats {
port => 5044
type => "beats"
}
}
output {
if [type] == "beats" {
elasticsearch {
hosts => "XX.XX.XX.XX:9200"
index => "beats-index-%{+yyyyy.MM.dd}"
}
}
It's just that in the filter lines I thought I could then set the output of what exactly I wanted from the docker container logs (which would be the container name, ports, the log text, the image name and its id).
And I wanted to let you know that I'm missing a previous error in the filebeat logs
2023-11-11T15:11:18.195Z INFO instance/beat.go:698 Home path: [/usr/share/filebeat] Config path: [/usr/share/filebeat] Data path: [/usr/share/filebeat/data] Logs path: [/usr/share/filebeat/logs] Hostfs Path: [/]
2023-11-11T15:11:18.204Z INFO instance/beat.go:706 Beat ID: 0898f8ad-6a97-48e9-85c1-746b2b1d9a44
2023-11-11T15:11:18.204Z INFO [seccomp] seccomp/seccomp.go:124 Syscall filter successfully installed
2023-11-11T15:11:18.205Z INFO [beat] instance/beat.go:1052 Beat info {"system_info": {"beat": {"path": {"config": "/usr/share/filebeat", "data": "/usr/share/filebeat/data", "home": "/usr/share/filebeat", "logs": "/usr/share/filebeat/logs"}, "type": "filebeat", "uuid": "0898f8ad-6a97-48e9-85c1-746b2b1d9a44"}}}
2023-11-11T15:11:18.205Z INFO [beat] instance/beat.go:1061 Build info {"system_info": {"build": {"commit": "57698bed51958971cf7298131cf3469fb98058ec", "libbeat": "7.17.14", "time": "2023-10-05T19:22:02.000Z", "version": "7.17.14"}}}
2023-11-11T15:11:18.205Z INFO [beat] instance/beat.go:1064 Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.19.12"}}}
2023-11-11T15:11:18.206Z INFO [beat] instance/beat.go:1070 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2022-09-03T20:26:57Z","containerized":true,"name":"mydockerhost","ip":["127.0.0.1","192.168.80.2"],"kernel_version":"5.4.0-125-generic","mac":["02:42:c0:a8:50:02"],"os":{"type":"linux","family":"debian","platform":"ubuntu","name":"Ubuntu","version":"20.04.6 LTS (Focal Fossa)","major":20,"minor":4,"patch":6,"codename":"focal"},"timezone":"UTC","timezone_offset_sec":0}}}
2023-11-11T15:11:18.206Z INFO [beat] instance/beat.go:1099 Process info {"system_info": {"process": {"capabilities": {"inheritable":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/usr/share/filebeat", "exe": "/usr/share/filebeat/filebeat", "name": "filebeat", "pid": 8, "ppid": 1, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2023-11-11T15:11:16.780Z"}}}
2023-11-11T15:11:18.207Z INFO instance/beat.go:292 Setup Beat: filebeat; Version: 7.17.14
2023-11-11T15:11:18.207Z INFO [publisher] pipeline/module.go:113 Beat name: mydockerhost
2023-11-11T15:11:18.209Z WARN beater/filebeat.go:202 Filebeat is unable to load the ingest pipelines for the configured modules because the Elasticsearch output is not configured/enabled. If you have already loaded the ingest pipelines or are using Logstash pipelines, you can ignore this warning.
2023-11-11T15:11:18.209Z INFO [monitoring] log/log.go:142 Starting metrics logging every 30s
2023-11-11T15:11:18.212Z INFO instance/beat.go:457 filebeat start running.
2023-11-11T15:11:18.219Z INFO memlog/store.go:119 Loading data file of '/usr/share/filebeat/data/registry/filebeat' succeeded. Active transaction id=0
2023-11-11T15:11:18.219Z INFO memlog/store.go:124 Finished loading transaction log file for '/usr/share/filebeat/data/registry/filebeat'. Active transaction id=0
2023-11-11T15:11:18.219Z WARN beater/filebeat.go:411 Filebeat is unable to load the ingest pipelines for the configured modules because the Elasticsearch output is not configured/enabled. If you have already loaded the ingest pipelines or are using Logstash pipelines, you can ignore this warning.
2023-11-11T15:11:18.219Z INFO [registrar] registrar/registrar.go:109 States Loaded from registrar: 0
2023-11-11T15:11:18.219Z INFO [crawler] beater/crawler.go:71 Loading Inputs: 1
2023-11-11T15:11:18.219Z INFO [crawler] beater/crawler.go:117 starting input, keys present on the config: [filebeat.inputs.0.json.add_error_key filebeat.inputs.0.json.keys_under_root filebeat.inputs.0.json.overwrite_keys filebeat.inputs.0.multiline.match filebeat.inputs.0.multiline.negate filebeat.inputs.0.multiline.pattern filebeat.inputs.0.paths.0 filebeat.inputs.0.type]
2023-11-11T15:11:18.219Z WARN [cfgwarn] log/input.go:89 DEPRECATED: Log input. Use Filestream input instead.
2023-11-11T15:11:18.220Z INFO beater/crawler.go:155 Stopping Crawler
2023-11-11T15:11:18.220Z INFO beater/crawler.go:165 Stopping 0 inputs
2023-11-11T15:11:18.220Z INFO beater/crawler.go:185 Crawler stopped
2023-11-11T15:11:18.220Z INFO [registrar] registrar/registrar.go:132 Stopping Registrar
2023-11-11T15:11:18.220Z INFO [registrar] registrar/registrar.go:166 Ending Registrar
2023-11-11T15:11:18.220Z INFO [registrar] registrar/registrar.go:137 Registrar stopped
2023-11-11T15:11:48.216Z INFO [monitoring] log/log.go:184 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cgroup":{"cpu":{"cfs":{"period":{"us":100000}},"id":"/"},"cpuacct":{"id":"/","total":{"ns":688129074}},"memory":{"id":"/","mem":{"limit":{"bytes":9223372036854771712},"usage":{"bytes":36687872}}}},"cpu":{"system":{"ticks":90,"time":{"ms":92}},"total":{"ticks":340,"time":{"ms":343},"value":340},"user":{"ticks":250,"time":{"ms":251}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"3dc3b98f-98d6-4b34-af44-f914f21cf24f","uptime":{"ms":30391},"version":"7.17.14"},"memstats":{"gc_next":20295320,"memory_alloc":10522576,"memory_sys":49919240,"memory_total":54798192,"rss":101810176},"runtime":{"goroutines":18}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"active":0},"type":"logstash"},"pipeline":{"clients":0,"events":{"active":0},"queue":{"max_events":4096}}},"registrar":{"states":{"current":0}},"system":{"cpu":{"cores":4},"load":{"1":7.18,"15":2.83,"5":3.87,"norm":{"1":1.795,"15":0.7075,"5":0.9675}}}}}}
2023-11-11T15:12:18.217Z INFO [monitoring] log/log.go:184 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cgroup":{"cpuacct":{"total":{"ns":10939056}},"memory":{"mem":{"usage":{"bytes":188416}}}},"cpu":{"system":{"ticks":90,"time":{"ms":7}},"total":{"ticks":340,"time":{"ms":9},"value":340},"user":{"ticks":250,"time":{"ms":2}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"3dc3b98f-98d6-4b34-af44-f914f21cf24f","uptime":{"ms":60391},"version":"7.17.14"},"memstats":{"gc_next":20295320,"memory_alloc":11212824,"memory_total":55488440,"rss":101810176},"runtime":{"goroutines":18}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"active":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":7.36,"15":2.98,"5":4.23,"norm":{"1":1.84,"15":0.745,"5":1.0575}}}}}}
2023-11-11T15:12:48.221Z INFO [monitoring] log/log.go:184 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cgroup":{"cpuacct":{"total":{"ns":8217078}},"memory":{"mem":{"usage":{"bytes":57344}}}},"cpu":{"system":{"ticks":110,"time":{"ms":13}},"total":{"ticks":360,"time":{"ms":18},"value":360},"user":{"ticks":250,"time":{"ms":5}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"3dc3b98f-98d6-4b34-af44-f914f21cf24f","uptime":{"ms":90397},"version":"7.17.14"},"memstats":{"gc_next":20295320,"memory_alloc":12192024,"memory_total":56467640,"rss":101810176},"runtime":{"goroutines":18}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"active":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":5.48,"15":2.98,"5":4.1,"norm":{"1":1.37,"15":0.745,"5":1.025}}}}}}
2023-11-11T15:13:18.223Z INFO [monitoring] log/log.go:184 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cgroup":{"cpuacct":{"total":{"ns":34129883}},"memory":{"mem":{"usage":{"bytes":40960}}}},"cpu":{"system":{"ticks":120,"time":{"ms":9}},"total":{"ticks":380,"time":{"ms":17},"value":380},"user":{"ticks":260,"time":{"ms":8}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"3dc3b98f-98d6-4b34-af44-f914f21cf24f","uptime":{"ms":120391},"version":"7.17.14"},"memstats":{"gc_next":20295320,"memory_alloc":12546912,"memory_total":56822528,"rss":101810176},"runtime":{"goroutines":18}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"active":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":3.69,"15":2.91,"5":3.8,"norm":{"1":0.9225,"15":0.7275,"5":0.95}}}}}}
2023-11-11T15:13:48.219Z INFO [monitoring] log/log.go:184 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cgroup":{"cpuacct":{"total":{"ns":23414937}},"memory":{"mem":{"usage":{"bytes":-4116480}}}},"cpu":{"system":{"ticks":130,"time":{"ms":14}},"total":{"ticks":400,"time":{"ms":26},"value":400},"user":{"ticks":270,"time":{"ms":12}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"3dc3b98f-98d6-4b34-af44-f914f21cf24f","uptime":{"ms":150390},"version":"7.17.14"},"memstats":{"gc_next":20515072,"memory_alloc":10087384,"memory_total":57451592,"rss":98537472},"runtime":{"goroutines":18}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"active":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":2.81,"15":2.87,"5":3.58,"norm":{"1":0.7025,"15":0.7175,"5":0.895}}}}}}
2023-11-11T15:14:18.222Z INFO [monitoring] log/log.go:184 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cgroup":{"cpuacct":{"total":{"ns":11649481}},"memory":{"mem":{"usage":{"bytes":-102400}}}},"cpu":{"system":{"ticks":140,"time":{"ms":7}},"total":{"ticks":420,"time":{"ms":18},"value":420},"user":{"ticks":280,"time":{"ms":11}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"3dc3b98f-98d6-4b34-af44-f914f21cf24f","uptime":{"ms":180397},"version":"7.17.14"},"memstats":{"gc_next":20515072,"memory_alloc":11026920,"memory_total":58391128,"rss":98537472},"runtime":{"goroutines":18}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"active":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":2.3,"15":2.82,"5":3.38,"norm":{"1":0.575,"15":0.705,"5":0.845}}}}}}
2023-11-11T15:14:48.221Z INFO [monitoring] log/log.go:184 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cgroup":{"cpuacct":{"total":{"ns":21664722}},"memory":{"mem":{"usage":{"bytes":172032}}}},"cpu":{"system":{"ticks":140,"time":{"ms":4}},"total":{"ticks":430,"time":{"ms":11},"value":430},"user":{"ticks":290,"time":{"ms":7}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":9},"info":{"ephemeral_id":"3dc3b98f-98d6-4b34-af44-f914f21cf24f","uptime":{"ms":210392},"version":"7.17.14"},"memstats":{"gc_next":20515072,"memory_alloc":11385368,"memory_sys":262144,"memory_total":58749576,"rss":98537472},"runtime":{"goroutines":18}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"active":0}},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":1.8,"15":2.76,"5":3.15,"norm":{"1":0.45,"15":0.69,"5":0.7875}}}}}}
I don't see any previous errors in logstash.conf either
Using bundled JDK: /usr/share/logstash/jdk
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
[2023-11-11T15:12:11,854][INFO ][logstash.runner ] Log4j configuration path used is: /usr/share/logstash/config/log4j2.properties
[2023-11-11T15:12:11,892][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.17.14", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 OpenJDK 64-Bit Server VM 11.0.20+8 on 11.0.20+8 +indy +jit [linux-x86_64]"}
[2023-11-11T15:12:11,896][INFO ][logstash.runner ] JVM bootstrap flags: [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djdk.io.File.enableADS=true, -Djruby.compile.invokedynamic=true, -Djruby.jit.threshold=0, -Djruby.regexp.interruptible=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true, -Dls.cgroup.cpuacct.path.override=/, -Dls.cgroup.cpu.path.override=/]
[2023-11-11T15:12:11,980][INFO ][logstash.settings ] Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
[2023-11-11T15:12:12,025][INFO ][logstash.settings ] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
[2023-11-11T15:12:12,807][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2023-11-11T15:12:12,882][INFO ][logstash.agent ] No persistent UUID file found. Generating new UUID {:uuid=>"3641e8bb-1335-43d5-ab96-7635818bf635", :path=>"/usr/share/logstash/data/uuid"}
[2023-11-11T15:12:15,244][WARN ][logstash.monitoringextension.pipelineregisterhook] xpack.monitoring.enabled has not been defined, but found elasticsearch configuration. Please explicitly set `xpack.monitoring.enabled: true` in logstash.yml
[2023-11-11T15:12:15,249][WARN ][deprecation.logstash.monitoringextension.pipelineregisterhook] Internal collectors option for Logstash monitoring is deprecated and may be removed in a future release.
Please configure Metricbeat to monitor Logstash. Documentation can be found at:
https://www.elastic.co/guide/en/logstash/current/monitoring-with-metricbeat.html
[2023-11-11T15:12:16,055][WARN ][deprecation.logstash.codecs.plain] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[2023-11-11T15:12:16,224][WARN ][deprecation.logstash.outputs.elasticsearch] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[2023-11-11T15:12:17,002][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
[2023-11-11T15:12:17,787][WARN ][logstash.licensechecker.licensereader] Restored connection to ES instance {:url=>"http://elasticsearch:9200/"}
[2023-11-11T15:12:17,834][INFO ][logstash.licensechecker.licensereader] Elasticsearch version determined (7.17.14) {:es_version=>7}
[2023-11-11T15:12:17,836][WARN ][logstash.licensechecker.licensereader] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2023-11-11T15:12:18,242][INFO ][logstash.monitoring.internalpipelinesource] Monitoring License OK
[2023-11-11T15:12:18,247][INFO ][logstash.monitoring.internalpipelinesource] Validated license for monitoring. Enabling monitoring pipeline.
[2023-11-11T15:12:19,103][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
[2023-11-11T15:12:23,986][INFO ][org.reflections.Reflections] Reflections took 219 ms to scan 1 urls, producing 119 keys and 419 values
[2023-11-11T15:12:25,816][WARN ][deprecation.logstash.codecs.plain] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[2023-11-11T15:12:25,821][WARN ][deprecation.logstash.codecs.plain] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[2023-11-11T15:12:25,867][WARN ][deprecation.logstash.inputs.beats] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[2023-11-11T15:12:25,910][WARN ][deprecation.logstash.codecs.plain] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[2023-11-11T15:12:25,919][WARN ][deprecation.logstash.codecs.plain] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[2023-11-11T15:12:25,997][WARN ][deprecation.logstash.outputs.elasticsearchmonitoring] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[2023-11-11T15:12:26,005][WARN ][deprecation.logstash.outputs.elasticsearch] Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[2023-11-11T15:12:26,185][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearchMonitoring", :hosts=>["http://elasticsearch:9200"]}
[2023-11-11T15:12:26,186][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//XX.XX.XX.XX:9200"]}
[2023-11-11T15:12:26,239][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
[2023-11-11T15:12:26,240][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://XX.XX.XX.XX:9200/]}}
[2023-11-11T15:12:26,279][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://XX.XX.XX.XX:9200/"}
[2023-11-11T15:12:26,281][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Restored connection to ES instance {:url=>"http://elasticsearch:9200/"}
[2023-11-11T15:12:26,293][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Elasticsearch version determined (7.17.14) {:es_version=>7}
[2023-11-11T15:12:26,294][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch version determined (7.17.14) {:es_version=>7}
[2023-11-11T15:12:26,295][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2023-11-11T15:12:26,295][WARN ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2023-11-11T15:12:26,522][INFO ][logstash.outputs.elasticsearch][main] Config is not compliant with data streams. `data_stream => auto` resolved to `false`
[2023-11-11T15:12:26,528][INFO ][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash] Config is not compliant with data streams. `data_stream => auto` resolved to `false`
[2023-11-11T15:12:26,559][WARN ][logstash.javapipeline ][.monitoring-logstash] 'pipeline.ordered' is enabled and is likely less efficient, consider disabling if preserving event order is not necessary
[2023-11-11T15:12:26,625][INFO ][logstash.outputs.elasticsearch][main] Using a default mapping template {:es_version=>7, :ecs_compatibility=>:disabled}
[2023-11-11T15:12:26,729][INFO ][logstash.javapipeline ][.monitoring-logstash] Starting pipeline {:pipeline_id=>".monitoring-logstash", "pipeline.workers"=>1, "pipeline.batch.size"=>2, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>2, "pipeline.sources"=>["monitoring pipeline"], :thread=>"#<Thread:0x31106ae3@/usr/share/logstash/logstash-core/lib/logstash/pipelines_registry.rb:159 run>"}
[2023-11-11T15:12:26,731][INFO ][logstash.outputs.elasticsearch][main] Installing Elasticsearch template {:name=>"logstash"}
[2023-11-11T15:12:26,734][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["/etc/logstash/conf.d/logstash.conf"], :thread=>"#<Thread:0x78d2ddba@/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:130 run>"}
[2023-11-11T15:12:28,114][INFO ][logstash.javapipeline ][.monitoring-logstash] Pipeline Java execution initialization time {"seconds"=>1.38}
[2023-11-11T15:12:28,211][INFO ][logstash.javapipeline ][main] Pipeline Java execution initialization time {"seconds"=>1.46}
[2023-11-11T15:12:28,258][INFO ][logstash.inputs.beats ][main] Starting input listener {:address=>"0.0.0.0:5044"}
[2023-11-11T15:12:28,276][INFO ][logstash.javapipeline ][.monitoring-logstash] Pipeline started {"pipeline.id"=>".monitoring-logstash"}
[2023-11-11T15:12:28,320][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2023-11-11T15:12:28,508][INFO ][logstash.agent ] Pipelines running {:count=>2, :running_pipelines=>[:main, :".monitoring-logstash"], :non_running_pipelines=>[]}
[2023-11-11T15:12:28,645][INFO ][org.logstash.beats.Server][main][7426d6c7834d350eb2014b52cc2f1927a7d0594fe26f98bb989f9afcae58c292] Starting server on port: 5044
However, I assume I should have had an appear in the logstash itself? I don't see it, at what stage is it compiled?