Filebeat configuration

I have to read logs from different server so I am using filebeat for that.
in filebeat yml file I have mention


- type: log
  enabled: true
    - /home/3rdisearch-dev/project/mangeshs/logs/indexer-1/logs/*.log

  multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
  multiline.negate: true
  multiline.match: after

  hosts: ["XX.XX.X.XX:5044"]

and logstash conf file input as

input {
    beats {
	    type => "test"
        port => "5044"

sample log file

2021-09-28 11:04:56,060 INFO [Thread-165] Indexed docs:37272
2021-09-28 11:04:58,456 ERROR [Thread-166] Exception occured while getting file info, for fileid:473828671090 userId:177129950 The API returned an error code [429 | xdg56cguwjrz1loo.0b2529a264e816335ba260ec03e13a4fa] rate_limit_exceeded - Request rate limit exceeded, please try again later

my questions are

  1. is filebeat is correct
  2. what exactly port 5044 is defined. is it logstash running port or anything
  3. changes in log file are not reflected in ELK

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.