Filebeat 5.6.16 to 7.8.1 breaking

kopacko · August 10, 2020, 3:08pm

I attempted a migration on one of my Windows servers from filebeats 5.6.16 to 7.8.1. And got no service errors but was no longer receiving any file logs.

I noticed in the logs that connections to the Elasticsearch cluster were being denied.

My basic config is this:

    filebeat.prospectors:
    - input_type: log
      paths:
        - C:\xxxx\config\logs\*
    output.logstash:
      hosts: ["x.x.x.x:5046"]

I am going to attempt another migration during my next change window. But I did not understand what would cause it fail. Yet flipping back to 5.6.16 with this config, worked just fine. I know that filebeat.prospectors changed to filebeats.inputs.

Any thoughts as to what might have caused this?

kvch · August 10, 2020, 3:35pm

I see two issues:

prospectors were renamed to inputs
input_type was renamed to type

I think the following configuration will work:

filebeat.inputs:
- type: log
  paths:
    - C:\xxxx\config\logs\*
output.logstash:
  hosts: ["x.x.x.x:5046"]

Let me know if you still have problems after the changes in your configuration! It would be nice if you could attach debug logs to see what is the issue exactly.

kopacko · August 25, 2020, 1:35am

So I got a chance to try again over the weekend.

Did a fresh install, on a different computer all together and the service would not send any data. Some times it would start and some times it wouldn't.

It was very hit or miss. I installed Filebeat v5.5.16 without issue the first time around.

system · September 22, 2020, 3:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.