Hi,
I am trying to set up syslogging from a nexus switch to feed into Filebeat's Cisco module that would then feed into Elasticsearch. I tend to get the same error message after enabling the cisco module and running this from powershell "./filebeat.exe setup -e"
Additional information: Elasticsearch version 8.9.0, Filebeat 8.9.0
{"log.level":"error","@timestamp":"2023-09-26T09:56:05.655-0700","log.origin":{"file.name":"cfgfile/reload.go","file.line":270},"message":"Error loading config from file 'C:\Program Files\Filebeat-8.9.0-CISCO\modules.d\cisco.yml', error invalid config: yaml: line 102: did not find expected key","service.name":"filebeat","ecs.version":"1.6.0"}
cisco.yml
nexus:
enabled: true
#Set which input to use between udp (default), tcp or file.
var.input: udp
var.syslog_host: 10.0.0.83
var.syslog_port: 9004
# Set paths for the log files when file input is used.
# var.paths:
# Toggle output of non-ECS fields (default true).
# var.rsa_fields: true
# Set custom timezone offset.
# "local" (default) for system timezone.
# "+02:00" for GMT+02:00
# var.tz_offset: local
Line 102 is the "Set which input to use between udp, tcp or file". It has been confirmed data is being sent but for some reason Filebeat isn't running or I will start it and it will start for a few seconds and then stop running. I think I am just missing something but not sure. Please let me know if any other information is needed. I have been stuck on this for a long time so any help is appreciated.
Thank you.