Filebeat error on Windows: index management requested but the Elasticsearch output is not configured/enabled

Hello Filebeat team,
I did my due diligence and read all the posts with the same error as mine, but I am still stuck.
I'm following this doc: Filebeat quick start: installation and configuration | Filebeat Reference [8.12] | Elastic
If I run .\filebeat.exe setup -e in my installation dir I get

{"log.level":"error","@timestamp":"2024-02-14T20:21:09.356Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.handleError","file.name":"instance/
beat.go","file.line":1312},"message":"Exiting: index management requested but the Elasticsearch output is not configured/enabled","service.name":"filebeat","ecs.version":"
1.6.0"}
Exiting: index management requested but the Elasticsearch output is not configured/enabled

I post my filebeat.yml below:

###################### Filebeat Configuration Example #########################

# This file is an example configuration file highlighting only the most common
# options. The filebeat.reference.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/filebeat/index.html
# For more available modules and options, please see the filebeat.reference.yml sample
# configuration file.

# ============================== Filebeat inputs ===============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input-specific configurations.

# filestream is an input for collecting log messages from files.
- type: filestream

  # Unique ID among all inputs, an ID is required.
  id: my-filestream-id

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*

  # Exclude lines. A list of regular expressions to match. It drops the lines that are
  # matching any regular expression from the list.
  # Line filtering happens after the parsers pipeline. If you would like to filter lines
  # before parsers, use include_message parser.
  #exclude_lines: ['^DBG']

  # Include lines. A list of regular expressions to match. It exports the lines that are
  # matching any regular expression from the list.
  # Line filtering happens after the parsers pipeline. If you would like to filter lines
  # before parsers, use include_message parser.
  #include_lines: ['^ERR', '^WARN']

  # Exclude files. A list of regular expressions to match. Filebeat drops the files that
  # are matching any regular expression from the list. By default, no files are dropped.
  #prospector.scanner.exclude_files: ['.gz$']

  # Optional additional fields. These fields can be freely picked
  # to add additional information to the crawled log files for filtering
  #fields:
  #  level: debug
  #  review: 1

# ============================== Filebeat modules ==============================

filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading
  reload.enabled: false

  # Period on which files under path should be checked for changes
  #reload.period: 10s

# ======================= Elasticsearch template setting =======================

setup.template.settings:
  index.number_of_shards: 1
  #index.codec: best_compression
  #_source.enabled: false
 setup.template.enabled: false

# ================================== General ===================================

# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:

# The tags of the shipper are included in their field with each
# transaction published.
#tags: ["service-X", "web-tier"]

# Optional fields that you can specify to add additional information to the
# output.
#fields:
#  env: staging

# ================================= Dashboards =================================
# These settings control loading the sample dashboards to the Kibana index. Loading
# the dashboards is disabled by default and can be enabled either by setting the
# options here or by using the `setup` command.
#setup.dashboards.enabled: false

# The URL from where to download the dashboard archive. By default, this URL
# has a value that is computed based on the Beat name and version. For released
# versions, this URL points to the dashboard archive on the artifacts.elastic.co
# website.
#setup.dashboards.url:

# =================================== Kibana ===================================

# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  #host: "localhost:5601"

  # Kibana Space ID
  # ID of the Kibana Space into which the dashboards should be loaded. By default,
  # the Default Space will be used.
  #space.id:

# =============================== Elastic Cloud ================================

# These settings simplify using Filebeat with the Elastic Cloud (https://cloud.elastic.co/).

# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:

# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:

# ================================== Outputs ===================================

# Configure what output to use when sending the data collected by the beat.

# ---------------------------- Elasticsearch Output ----------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  # hosts: ["localhost:9200"]

  # Performance preset - one of "balanced", "throughput", "scale",
  # "latency", or "custom".
  #preset: balanced

  # Protocol - either `http` (default) or `https`.
  #protocol: "http"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "elastic"
  password: "elastic"

# ------------------------------ Logstash Output -------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

# ================================= Processors =================================
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

# ================================== Logging ===================================

# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
logging.level: debug

# At debug level, you can selectively enable logging only for some components.
# To enable all selectors, use ["*"]. Examples of other selectors are "beat",
# "publisher", "service".
logging.selectors: ["*"]

# ============================= X-Pack Monitoring ==============================
# Filebeat can export internal metrics to a central Elasticsearch monitoring
# cluster.  This requires xpack monitoring to be enabled in Elasticsearch.  The
# reporting is disabled by default.

# Set to true to enable the monitoring reporter.
#monitoring.enabled: false

# Sets the UUID of the Elasticsearch cluster under which monitoring data for this
# Filebeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
#monitoring.cluster_uuid:

# Uncomment to send the metrics to Elasticsearch. Most settings from the
# Elasticsearch outputs are accepted here as well.
# Note that the settings should point to your Elasticsearch *monitoring* cluster.
# Any setting that is not set is automatically inherited from the Elasticsearch
# output configuration, so if you have the Elasticsearch output configured such
# that it is pointing to your Elasticsearch monitoring cluster, you can simply
# uncomment the following line.
#monitoring.elasticsearch:

# ============================== Instrumentation ===============================

# Instrumentation support for the filebeat.
#instrumentation:
    # Set to true to enable instrumentation of filebeat.
    #enabled: false

    # Environment in which filebeat is running on (eg: staging, production, etc.)
    #environment: ""

    # APM Server hosts to report instrumentation results to.
    #hosts:
    #  - http://localhost:8200

    # API Key for the APM Server(s).
    # If api_key is set then secret_token will be ignored.
    #api_key:

    # Secret token for the APM Server(s).
    #secret_token:


# ================================= Migration ==================================

# This allows to enable 6.7 migration aliases
#migration.6_to_7.enabled: true

I cannot even start filebeat in Windows: if I type
Start-Service filebeat

I get the error below:

Start-Service : Failed to start service 'filebeat (filebeat)'.
At line:1 char:1
+ Start-Service filebeat
+ ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service], ServiceCommandException
    + FullyQualifiedErrorId : StartServiceFailed,Microsoft.PowerShell.Commands.StartServiceCommand

Any help will be appreciated. Thanks.

Regards,
Tiziano C.

To run this command the elasticsearch.output must be properly configured to point to elasticsearch. It must be configured properly and elasticsearch must be reachable.
This is so that filebeat can load the proper assets to elasticsearch.

This is needed even if you're going to switch to logstash afterwards.

2nd, your yaml as it is shown is invalid; these in the elasticsearch section need to be commented out.

Finally, you appear to be wanting to use logstash... which is fine, but do you actually need it for something, or are you following some third-party guide telling you you need it?

If you follow the documentation that you linked above that would have filebeat directly sending data to elasticsearch.

My suggestion for new users is always get filebeat working directly sending data to elasticsearch before you introduce logstash.

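Both problems named in the reply above (live `username`/`password` keys left under a commented-out `#output.elasticsearch:` header, and no Elasticsearch output enabled for `setup`) can be checked before running `.\filebeat.exe setup -e`. The Python sketch below is an added example, not part of the thread and not Filebeat code; `lint_filebeat_yml`, `can_run_setup` and the sample strings are constructed here, and the `#key:` heuristic assumes the commenting style of the stock filebeat.yml.

```python
import re

# Column-0 live setting, e.g. "output.logstash:" or "logging.level: debug".
LIVE_TOP = re.compile(r"^([A-Za-z_][\w.]*)\s*:")
# Column-0 commented-out setting. The stock filebeat.yml writes these as
# "#key:" with no space after '#', while prose comments are "# text".
DEAD_TOP = re.compile(r"^#([A-Za-z_][\w.]*)\s*:")
# Indented live "key: value" line, i.e. a child of the section above it.
LIVE_CHILD = re.compile(r"^\s+([A-Za-z_][\w.]*)\s*:\s*(.*)$")


def lint_filebeat_yml(text):
    """Line-based check of a filebeat.yml (nested form, as in the sample file).

    Returns (orphans, live_outputs):
      orphans      - [(line_no, key, commented_parent)] for live indented keys
                     whose column-0 section header is commented out.
      live_outputs - set of output names that are uncommented and not
                     switched off with "enabled: false".
    """
    orphans, live_outputs = [], set()
    section, section_live = "", True
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line:
            continue
        m = LIVE_TOP.match(line)
        if m:
            section, section_live = m.group(1), True
            if section.startswith("output."):
                live_outputs.add(section.split(".")[1])
            continue
        if line.startswith("- "):      # column-0 list item ("- type: filestream")
            section, section_live = "-", True
            continue
        m = DEAD_TOP.match(line)
        if m:
            section, section_live = m.group(1), False
            continue
        m = LIVE_CHILD.match(line)
        if not m:
            continue                   # comment or list element
        key, value = m.group(1), m.group(2).strip().lower()
        if not section_live:
            orphans.append((no, key, section))
        elif section.startswith("output.") and key == "enabled" and value == "false":
            live_outputs.discard(section.split(".")[1])
    return orphans, live_outputs


def can_run_setup(text):
    """True when the file parses cleanly by this check and the Elasticsearch
    output is enabled, which is what 'filebeat setup' requires."""
    orphans, live_outputs = lint_filebeat_yml(text)
    return not orphans and "elasticsearch" in live_outputs


# Constructed excerpt, condensed from the Outputs section posted in the question.
SAMPLE_FROM_QUESTION = '''\
#output.elasticsearch:
  # hosts: ["localhost:9200"]
  #protocol: "http"
  username: "elastic"
  password: "elastic"

output.logstash:
  hosts: ["localhost:5044"]
'''

# Constructed excerpt: Filebeat sending directly to Elasticsearch, as the
# reply suggests for a first setup.
SAMPLE_DIRECT_TO_ES = '''\
output.elasticsearch:
  hosts: ["localhost:9200"]

#output.logstash:
  #hosts: ["localhost:5044"]
'''

if __name__ == "__main__":
    for name, sample in (("question", SAMPLE_FROM_QUESTION),
                         ("direct", SAMPLE_DIRECT_TO_ES)):
        orphans, outputs = lint_filebeat_yml(sample)
        for no, key, parent in orphans:
            print(f"{name}: line {no}: '{key}' is live but its parent "
                  f"'#{parent}:' is commented out")
        print(f"{name}: enabled outputs = {sorted(outputs)}, "
              f"setup possible = {can_run_setup(sample)}")
```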

Hello @stephenb thank you for your reply. Much appreciated.
I now commented out username and password.

However, my scope to follow this documentation was just to setup and start Filebeat and, once done, move on to follow the documentation of Logstash. But, in order to proceed with Logstash, I must be able to start Filebeat.

And now, if I run Start-Service filebeat in C:\Program Files\filebeat (where I installed Filebeat and where filebeat.exe is present), it still throws an error:

Start-Service : Failed to start service 'filebeat (filebeat)'.
At line:1 char:1
+ Start-Service filebeat
+ ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service], ServiceCommandException
    + FullyQualifiedErrorId : StartServiceFailed,Microsoft.PowerShell.Commands.StartServiceCommand

I know that it got installed because, if I run Get-Service filebeat I do get as output:

Status   Name               DisplayName
------   ----               -----------
Stopped  filebeat           filebeat

I even tried to start manually by opening 'Services' and manually starting filebeat but I get the error:

Windows could not start the filebeat service on Local Computer.
Error 1067: The process terminated unexpectedly

Thank you in advance.

Regards,
Tiziano

What happens if you just run

.\filebeat.exe -e

I got this output. Looks like I have to enable the filesets...

{"log.level":"info","@timestamp":"2024-02-14T21:43:00.022Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configure","file.name":"inst
ance/beat.go","file.line":811},"message":"Home path: [C:\\Program Files\\Filebeat] Config path: [C:\\Program Files\\Filebeat] Data path: [C:\\Program Files\\Filebeat\\data
] Logs path: [C:\\Program Files\\Filebeat\\logs]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.190Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).loadMet
a","file.name":"instance/beat.go","file.line":902},"message":"Beat metadata path: C:\\Program Files\\Filebeat\\data\\meta.json","service.name":"filebeat","ecs.version":"1.
6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.191Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configure","file.name":"inst
ance/beat.go","file.line":819},"message":"Beat ID: 4b47d106-fd65-4643-bcb3-7f7ec6184881","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.217Z","log.logger":"conditions","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/conditions.NewConditio
n","file.name":"conditions/conditions.go","file.line":98},"message":"New condition contains: map[]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.218Z","log.logger":"conditions","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/conditions.NewConditio
n","file.name":"conditions/conditions.go","file.line":98},"message":"New condition !contains: map[]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.218Z","log.logger":"docker","log.origin":{"function":"github.com/elastic/elastic-agent-autodiscover/docker.NewClient
","file.name":"docker/client.go","file.line":49},"message":"Docker client will negotiate the API version on the first request.","service.name":"filebeat","ecs.version":"1.
6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.218Z","log.logger":"add_docker_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/ad
d_docker_metadata.buildDockerMetadataProcessor","file.name":"add_docker_metadata/add_docker_metadata.go","file.line":89},"message":"add_docker_metadata: docker environment
 not detected: protocol not available","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.219Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":130},"message":"add_cloud_metadata: starting to fetch metadata
, timeout=3s","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.223Z","log.logger":"kubernetes","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add_kuberne
tes_metadata.(*kubernetesAnnotator).init.func1","file.name":"add_kubernetes_metadata/kubernetes.go","file.line":152},"message":"Could not create kubernetes client using in
_cluster config: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable","
service.name":"filebeat","libbeat.processor":"add_kubernetes_metadata","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.241Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received disposition for g
cp after 21.9924ms. result=[provider:gcp, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-14T21:43:00.358Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received error failed with
 http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.361Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received disposition for d
igitalocean after 140.9929ms. result=[provider:digitalocean, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-14T21:43:00.373Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received error failed with
 http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.383Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received disposition for a
zure after 163.9932ms. result=[provider:azure, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-14T21:43:00.418Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received error failed with
 http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.430Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received disposition for h
etzner after 210.9909ms. result=[provider:hetzner, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-14T21:43:00.431Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received error failed with
 http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.431Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received disposition for h
uawei after 211.9941ms. result=[provider:huawei, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-14T21:43:00.431Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received error failed with
 http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.434Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received disposition for o
penstack after 214.9928ms. result=[provider:openstack, error=<nil>, metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4b7325a712ccee\",
\"name\":\"ip-10-147-119-41.alpsec.ew1.alpha-dev.private.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\",\"service\":{\"name\":\"Nova\"}}}]"
,"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.456Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_cloud_metadata.(*addCloudMetadata).fetchMetadata.func1","file.name":"add_cloud_metadata/providers.go","file.line":133},"message":"add_cloud_metadata: fetchMetadata ran fo
r 236.9938ms","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.458Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add_
cloud_metadata.(*addCloudMetadata).init.func1","file.name":"add_cloud_metadata/add_cloud_metadata.go","file.line":104},"message":"add_cloud_metadata: hosting provider type
 detected as openstack, metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4b7325a712ccee\",\"name\":\"ip-10-147-119-41.alpsec.ew1.alpha
-dev.private.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\",\"service\":{\"name\":\"Nova\"}}}","service.name":"filebeat","ecs.version":"1.6
.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.463Z","log.logger":"processors","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors.New","file.
name":"processors/processor.go","file.line":114},"message":"Generated new processors: add_host_metadata=[netinfo.enabled=[true], cache.ttl=[5m0s]], condition=!contains: ma
p[], add_cloud_metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4b7325a712ccee\",\"name\":\"ip-10-147-119-41.alpsec.ew1.alpha-dev.priv
ate.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\",\"service\":{\"name\":\"Nova\"}}}, add_docker_metadata=[match_fields=[] match_pids=[proc
ess.pid, process.parent.pid]], add_kubernetes_metadata","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.465Z","log.logger":"seccomp","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/common/seccomp.loadFilter
","file.name":"seccomp/seccomp.go","file.line":97},"message":"Syscall filtering is only supported on Linux","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.465Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo","
file.name":"instance/beat.go","file.line":1337},"message":"Beat info","service.name":"filebeat","system_info":{"beat":{"path":{"config":"C:\\Program Files\\Filebeat","data
":"C:\\Program Files\\Filebeat\\data","home":"C:\\Program Files\\Filebeat","logs":"C:\\Program Files\\Filebeat\\logs"},"type":"filebeat","uuid":"4b47d106-fd65-4643-bcb3-7f
7ec6184881"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.465Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo","
file.name":"instance/beat.go","file.line":1346},"message":"Build info","service.name":"filebeat","system_info":{"build":{"commit":"c7ec8f634ed6052674762b32fa640087d32f165f
","libbeat":"8.12.1","time":"2024-02-01T12:00:16.000Z","version":"8.12.1"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.465Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo","
file.name":"instance/beat.go","file.line":1349},"message":"Go runtime info","service.name":"filebeat","system_info":{"go":{"os":"windows","arch":"amd64","max_procs":1,"ver
sion":"go1.20.12"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.475Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo","
file.name":"instance/beat.go","file.line":1355},"message":"Host info","service.name":"filebeat","system_info":{"host":{"architecture":"x86_64","boot_time":"2024-02-14T14:0
4:58Z","name":"ec2amaz-n6l6q6q","ip":["10.147.119.41","::1","127.0.0.1"],"kernel_version":"10.0.14393.6611 (rs1_release.231218-1733)","mac":["06:f8:7d:88:81:b7"],"os":{"ty
pe":"windows","family":"windows","platform":"windows","name":"Windows Server 2016 Datacenter","version":"10.0","major":10,"minor":0,"patch":0,"build":"14393.6614"},"timezo
ne":"UTC","timezone_offset_sec":0,"id":"556cb70f-336b-45e2-9ac3-ac04379e7ccd"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.477Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo","
file.name":"instance/beat.go","file.line":1384},"message":"Process info","service.name":"filebeat","system_info":{"process":{"cwd":"C:\\Program Files\\Filebeat","exe":"C:\
\Program Files\\Filebeat\\filebeat.exe","name":"filebeat.exe","pid":520,"ppid":3184,"start_time":"2024-02-14T21:42:59.768Z"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.479Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).createBeater","file.name":"i
nstance/beat.go","file.line":334},"message":"Setup Beat: filebeat; Version: 8.12.1","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.488Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).createB
eater","file.name":"instance/beat.go","file.line":362},"message":"Initializing output plugins","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.510Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*ev
entConsumer).run","file.name":"pipeline/consumer.go","file.line":110},"message":"start pipeline event consumer","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.534Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.LoadW
ithSettings","file.name":"pipeline/module.go","file.line":105},"message":"Beat name: EC2AMAZ-N6L6Q6Q","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.510Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*qu
eueReader).run","file.name":"pipeline/queue_reader.go","file.line":49},"message":"pipeline event consumer queue reader: start","service.name":"filebeat","ecs.version":"1.6
.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.609Z","log.logger":"modules","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/fileset.newModuleRegistry
","file.name":"fileset/modules.go","file.line":135},"message":"Enabled modules/filesets: ","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-02-14T21:43:00.610Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).setupPipelineLoaderCallback",
"file.name":"beater/filebeat.go","file.line":193},"message":"Filebeat is unable to load the ingest pipelines for the configured modules because the Elasticsearch output is
 not configured/enabled. If you have already loaded the ingest pipelines or are using Logstash pipelines, you can ignore this warning.","service.name":"filebeat","ecs.vers
ion":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.610Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch","file.name":"instanc
e/beat.go","file.line":520},"message":"filebeat start running.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.611Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.isFile","file.nam
e":"registrar/migrate.go","file.line":287},"message":"isFile(C:\\Program Files\\Filebeat\\data\\registry) -> false","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.611Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.isFile","file.nam
e":"registrar/migrate.go","file.line":287},"message":"isFile() -> false","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.611Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.isDir","file.name
":"registrar/migrate.go","file.line":280},"message":"isDir(C:\\Program Files\\Filebeat\\data\\registry\\filebeat) -> true","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.611Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.isFile","file.nam
e":"registrar/migrate.go","file.line":287},"message":"isFile(C:\\Program Files\\Filebeat\\data\\registry\\filebeat\\meta.json) -> true","service.name":"filebeat","ecs.vers
ion":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.611Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Migrator).
Run","file.name":"registrar/migrate.go","file.line":82},"message":"Registry type '1' found","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.613Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/statestore/backend/memlog.openStore","file.name":
"memlog/store.go","file.line":134},"message":"Finished loading transaction log file for 'C:\\Program Files\\Filebeat\\data\\registry\\filebeat'. Active transaction id=0","
service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.616Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/statestore/backend/memlog.openStore","file.name":
"memlog/store.go","file.line":134},"message":"Finished loading transaction log file for 'C:\\Program Files\\Filebeat\\data\\registry\\filebeat'. Active transaction id=0","
service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-02-14T21:43:00.617Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).Run","file.name":"beater/file
beat.go","file.line":331},"message":"Filebeat is unable to load the ingest pipelines for the configured modules because the Elasticsearch output is not configured/enabled.
 If you have already loaded the ingest pipelines or are using Logstash pipelines, you can ignore this warning.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.617Z","log.logger":"input","log.origin":{"function":"github.com/elastic/beats/v7/x-pack/filebeat/input/shipper.NewInp
utManager","file.name":"shipper/input.go","file.line":55},"message":"creating new InputManager","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.617Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar).
loadStates","file.name":"registrar/registrar.go","file.line":107},"message":"States Loaded from registrar: 0","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.617Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Start",
"file.name":"beater/crawler.go","file.line":71},"message":"Loading Inputs: 1","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.617Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).startIn
put","file.name":"beater/crawler.go","file.line":117},"message":"starting input, keys present on the config: [filebeat.inputs.0.enabled filebeat.inputs.0.id filebeat.input
s.0.paths.0 filebeat.inputs.0.type]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.618Z","log.logger":"scanner","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/filestream.(*fileS
canner).resolveRecursiveGlobs","file.name":"filestream/fswatch.go","file.line":329},"message":"recursive glob enabled","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.618Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/filestream.newProspector","file.name":"fi
lestream/prospector_creator.go","file.line":58},"message":"file identity is set to native","service.name":"filebeat","filestream_id":"my-filestream-id","ecs.version":"1.6.
0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.618Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).startIn
put","file.name":"beater/crawler.go","file.line":148},"message":"Starting input (ID: 11337388005444501392)","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.618Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*Reloader).Check
","file.name":"cfgfile/reload.go","file.line":131},"message":"Checking module configs from: C:\\Program Files\\Filebeat/modules.d/*.yml","service.name":"filebeat","ecs.ver
sion":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.620Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.LoadList","file.n
ame":"cfgfile/cfgfile.go","file.line":204},"message":"Load config from file: C:\\Program Files\\Filebeat\\modules.d\\logstash.yml","service.name":"filebeat","ecs.version":
"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.621Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.LoadList","file.n
ame":"cfgfile/cfgfile.go","file.line":204},"message":"Load config from file: C:\\Program Files\\Filebeat\\modules.d\\system.yml","service.name":"filebeat","ecs.version":"1
.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.623Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*Reloader).Check
","file.name":"cfgfile/reload.go","file.line":145},"message":"Number of module configs found: 2","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.625Z","log.logger":"modules","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/fileset.newModuleRegistry
","file.name":"fileset/modules.go","file.line":135},"message":"Enabled modules/filesets: ","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.625Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop","file.name":"beater/craw
ler.go","file.line":155},"message":"Stopping Crawler","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.625Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop","file.name":"beater/craw
ler.go","file.line":165},"message":"Stopping 1 inputs","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.621Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(
*reporter).snapshotLoop","file.name":"log/log.go","file.line":145},"message":"Starting metrics logging every 30s","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.621Z","log.logger":"service","log.origin":{"function":"github.com/elastic/elastic-agent-libs/service.ProcessWindowsC
ontrolEvents","file.name":"service/service_windows.go","file.line":134},"message":"Windows is interactive: false","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.627Z","log.origin":{"function":"github.com/elastic/elastic-agent-libs/service.ProcessWindowsControlEvents","file.name
":"service/service_windows.go","file.line":163},"message":"Attempted to register Windows service handlers, but this is not a service. No action necessary","service.name":"
filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.621Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar)
.Run","file.name":"registrar/registrar.go","file.line":138},"message":"Starting Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.621Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/v2/compat.
(*runner).Start.func1","file.name":"compat/compat.go","file.line":121},"message":"Input 'filestream' starting","service.name":"filebeat","id":"my-filestream-id","ecs.versi
on":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.628Z","log.logger":"metric_registry","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/inputmo
n.NewInputRegistry","file.name":"inputmon/input.go","file.line":63},"message":"registering","service.name":"filebeat","input_type":"filestream","id":"my-filestream-id","ke
y":"my-filestream-id","uuid":"a651775e-6ef4-4c09-8ca4-da960e81b471","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.628Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/filestrea
m.(*fileProspector).Run","file.name":"filestream/prospector.go","file.line":133},"message":"Starting prospector","service.name":"filebeat","id":"my-filestream-id","prospec
tor":"file_prospector","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.628Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop.fu
nc2","file.name":"beater/crawler.go","file.line":170},"message":"Stopping input: 11337388005444501392","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.628Z","log.logger":"file_watcher","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/filestream.(*
fileWatcher).watch","file.name":"filestream/fswatch.go","file.line":120},"message":"Start next scan","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.628Z","log.logger":"file_watcher","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/filestream.(*
fileWatcher).watch","file.name":"filestream/fswatch.go","file.line":224},"message":"File scan complete","service.name":"filebeat","total":0,"written":0,"truncated":0,"rena
med":0,"removed":0,"created":0,"ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.628Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/filestrea
m.(*fileProspector).Run","file.name":"filestream/prospector.go","file.line":165},"message":"Prospector has stopped","service.name":"filebeat","id":"my-filestream-id","pros
pector":"file_prospector","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.628Z","log.logger":"metric_registry","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/inputmo
n.NewInputRegistry.func1","file.name":"inputmon/input.go","file.line":70},"message":"unregistering","service.name":"filebeat","input_type":"filestream","id":"my-filestream
-id","key":"my-filestream-id","uuid":"a651775e-6ef4-4c09-8ca4-da960e81b471","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.630Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/v2/compat.
(*runner).Start.func1","file.name":"compat/compat.go","file.line":134},"message":"Input 'filestream' stopped (goroutine)","service.name":"filebeat","id":"my-filestream-id"
,"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.630Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/v2/compat.
(*runner).Stop","file.name":"compat/compat.go","file.line":142},"message":"Input 'filestream' stopped (runner)","service.name":"filebeat","id":"my-filestream-id","ecs.vers
ion":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.630Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop","file.name":"beater/craw
ler.go","file.line":185},"message":"Crawler stopped","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.630Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar).
Stop","file.name":"registrar/registrar.go","file.line":130},"message":"Stopping Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.630Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar).
Run","file.name":"registrar/registrar.go","file.line":164},"message":"Ending Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-14T21:43:00.630Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar)
.Run","file.name":"registrar/registrar.go","file.line":165},"message":"Stopping Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.630Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar).
Stop","file.name":"registrar/registrar.go","file.line":135},"message":"Registrar stopped","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.632Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(
*reporter).logTotals","file.name":"log/log.go","file.line":195},"message":"Total metrics","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cpu":{"system":{"tick
s":281,"time":{"ms":281}},"total":{"ticks":406,"time":{"ms":406},"value":406},"user":{"ticks":125,"time":{"ms":125}}},"info":{"ephemeral_id":"2c630974-cf3b-4901-b3da-9a7ad
a8bcab6","name":"filebeat","uptime":{"ms":744},"version":"8.12.1"},"memstats":{"gc_next":37718000,"memory_alloc":22309608,"memory_sys":48391240,"memory_total":62003688,"rs
s":77291520},"runtime":{"goroutines":16}},"filebeat":{"events":{"active":0,"added":0,"done":0},"harvester":{"closed":0,"open_files":0,"running":0,"skipped":0,"started":0},
"input":{"log":{"files":{"renamed":0,"truncated":0}},"netflow":{"flows":0,"packets":{"dropped":0,"received":0}}}},"libbeat":{"config":{"module":{"running":0,"starts":0,"st
ops":0},"reloads":0,"scans":0},"output":{"batches":{"split":0},"events":{"acked":0,"active":0,"batches":0,"dropped":0,"duplicates":0,"failed":0,"toomany":0,"total":0},"rea
d":{"bytes":0,"errors":0},"type":"logstash","write":{"bytes":0,"errors":0}},"pipeline":{"clients":0,"events":{"active":0,"dropped":0,"failed":0,"filtered":0,"published":0,
"retry":0,"total":0},"queue":{"acked":0,"max_events":3200}}},"processor":{"add_host_metadata":{"fqdn_lookup_failed":0}},"registrar":{"states":{"cleanup":0,"current":0,"upd
ate":0},"writes":{"fail":0,"success":0,"total":0}},"system":{"cpu":{"cores":1},"handles":{"open":275}}},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.632Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(
*reporter).logTotals","file.name":"log/log.go","file.line":196},"message":"Uptime: 746.9932ms","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.632Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(
*reporter).snapshotLoop","file.name":"log/log.go","file.line":163},"message":"Stopping metrics logging.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-14T21:43:00.633Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch","file.name":"instanc
e/beat.go","file.line":532},"message":"filebeat stopped.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-14T21:43:00.637Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.handleError","file.name":"instance/
beat.go","file.line":1312},"message":"Exiting: Failed to start crawler: creating module reloader failed: could not create module registry for filesets: module logstash is
configured but has no enabled filesets","service.name":"filebeat","ecs.version":"1.6.0"}
Exiting: Failed to start crawler: creating module reloader failed: could not create module registry for filesets: module logstash is configured but has no enabled filesets

What module did you enable?

Did you enable the logstash module?

Again that's okay but why?

Can you share that modules.d\logstash.yml file?

If you have not made any changes then yes, you will need to enable the filesets AND you may need to set the var.paths.

JUST FYI, this is for shipping logstash-specific operational logs, not just plain ole logs...

# Module: logstash
# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-logstash.html

- module: logstash
  # logs
  log:
    enabled: false

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:

  # Slow logs
  slowlog:
    enabled: false
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:
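The startup failure above ("module logstash is configured but has no enabled filesets") can be caught before the service is started. The following is an added example, not part of the original thread and not Elastic's code: a Python pre-flight check that scans modules.d/*.yml for modules whose filesets are all disabled. Its line-based parser only handles the layout of the stock modules.d files shown here, it treats a fileset without `enabled: true` as disabled (an assumption), and the function names and sample strings are constructed for illustration.

```python
"""Pre-flight check: flag Filebeat modules that have no enabled fileset."""
import re
import sys
from pathlib import Path

# Constructed sample: the stock logstash.yml layout, every fileset disabled.
SAMPLE_DEFAULT = r"""
# Module: logstash
- module: logstash
  # logs
  log:
    enabled: false
    #var.paths:

  # Slow logs
  slowlog:
    enabled: false
    #var.paths:
"""

# Constructed sample: same module with one fileset enabled (path is made up).
SAMPLE_ENABLED = r"""
- module: logstash
  log:
    enabled: true
    var.paths: ["C:/logstash/logs/logstash-plain*.log"]
  slowlog:
    enabled: false
"""

MODULE_RE = re.compile(r"^-\s+module:\s*(\S+)$")


def parse_modules(text):
    """Return {module: {fileset: enabled_bool}} for one modules.d file.

    Assumes the stock layout: '- module:' at column 0, fileset keys
    indented two spaces, 'enabled:' indented four spaces.
    """
    modules = {}
    module = fileset = None
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()      # drop trailing comments
        body = line.strip()
        if not body or body.startswith("#"):       # blank or comment line
            continue
        indent = len(line) - len(line.lstrip())
        match = MODULE_RE.match(body)
        if indent == 0 and match:
            module, fileset = match.group(1), None
            modules[module] = {}
        elif module and indent == 2 and body.endswith(":"):
            fileset = body[:-1]
            modules[module][fileset] = False       # assumption: off unless enabled
        elif module and fileset and indent == 4 and body.startswith("enabled:"):
            value = body.split(":", 1)[1].strip().lower()
            modules[module][fileset] = value == "true"
    return modules


def modules_without_filesets(text):
    """Names of modules in this file that would trigger the startup error."""
    return sorted(
        name for name, filesets in parse_modules(text).items()
        if not any(filesets.values())
    )


def check_modules_dir(modules_d):
    """Scan only *.yml files, the glob filebeat.config.modules loads.

    Files still named *.yml.disabled are skipped, as Filebeat skips them.
    """
    problems = {}
    for path in sorted(Path(modules_d).glob("*.yml")):
        bad = modules_without_filesets(path.read_text(encoding="utf-8"))
        if bad:
            problems[path.name] = bad
    return problems


def main(argv):
    modules_d = argv[1] if len(argv) > 1 else "modules.d"
    problems = check_modules_dir(modules_d)
    for fname, mods in problems.items():
        for mod in mods:
            print(f"{fname}: module {mod} is configured but has no enabled filesets")
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the modules.d directory as its argument; a non-zero exit code means at least one loaded module file has every fileset disabled.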

Hello @stephenb, sorry, I decided to uninstall and re-install Filebeat and Logstash and start again from scratch. I will follow up tomorrow if I have any further issues. I appreciate your help!

Regards,
Tiziano

Hello @stephenb,

I did re-install everything from scratch.
However, I'm still having issues starting Filebeat. If I run Start-Service filebeat in the filebeat directory (where I have my filebeat.exe), I get this error:

Start-Service : Failed to start service 'filebeat (filebeat)'.
At line:1 char:1
+ Start-Service filebeat
+ ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController
   ServiceCommandException
    + FullyQualifiedErrorId : StartServiceFailed,Microsoft.PowerShell.Commands.StartServiceCommand

I know that it is installed because if I run Get-Service filebeat I get this output:

Status   Name               DisplayName
------   ----               -----------
Stopped  filebeat           filebeat

Below is my filebeat.yml:

###################### Filebeat Configuration Example #########################

# This file is an example configuration file highlighting only the most common
# options. The filebeat.reference.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/filebeat/index.html

# For more available modules and options, please see the filebeat.reference.yml sample
# configuration file.

# ============================== Filebeat inputs ===============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input-specific configurations.

# filestream is an input for collecting log messages from files.
- type: filestream

  # Unique ID among all inputs, an ID is required.
  id: my-filestream-id

  # Change to true to enable this input configuration.
  enabled: false

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - c:\Filebeat\logs\*
    #- c:\programdata\elasticsearch\logs\*

  # Exclude lines. A list of regular expressions to match. It drops the lines that are
  # matching any regular expression from the list.
  # Line filtering happens after the parsers pipeline. If you would like to filter lines
  # before parsers, use include_message parser.
  #exclude_lines: ['^DBG']

  # Include lines. A list of regular expressions to match. It exports the lines that are
  # matching any regular expression from the list.
  # Line filtering happens after the parsers pipeline. If you would like to filter lines
  # before parsers, use include_message parser.
  #include_lines: ['^ERR', '^WARN']

  # Exclude files. A list of regular expressions to match. Filebeat drops the files that
  # are matching any regular expression from the list. By default, no files are dropped.
  #prospector.scanner.exclude_files: ['.gz$']

  # Optional additional fields. These fields can be freely picked
  # to add additional information to the crawled log files for filtering
  #fields:
  #  level: debug
  #  review: 1

# ============================== Filebeat modules ==============================

filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading
  reload.enabled: false

  # Period on which files under path should be checked for changes
  #reload.period: 10s

# ======================= Elasticsearch template setting =======================

setup.template.settings:
  index.number_of_shards: 1
  #index.codec: best_compression
  #_source.enabled: false


# ================================== General ===================================

# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:

# The tags of the shipper are included in their field with each
# transaction published.
#tags: ["service-X", "web-tier"]

# Optional fields that you can specify to add additional information to the
# output.
#fields:
#  env: staging

# ================================= Dashboards =================================
# These settings control loading the sample dashboards to the Kibana index. Loading
# the dashboards is disabled by default and can be enabled either by setting the
# options here or by using the `setup` command.
#setup.dashboards.enabled: false

# The URL from where to download the dashboard archive. By default, this URL
# has a value that is computed based on the Beat name and version. For released
# versions, this URL points to the dashboard archive on the artifacts.elastic.co
# website.
#setup.dashboards.url:

# =================================== Kibana ===================================

# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
#setup.kibana:

  # Kibana Host
  # Scheme and port can be left out and will be set to the default (http and 5601)
  # In case you specify and additional path, the scheme is required: http://localhost:5601/path
  # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
  #host: "localhost:5601"

  # Kibana Space ID
  # ID of the Kibana Space into which the dashboards should be loaded. By default,
  # the Default Space will be used.
  #space.id:

# =============================== Elastic Cloud ================================

# These settings simplify using Filebeat with the Elastic Cloud (https://cloud.elastic.co/).

# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
#cloud.id:

# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
#cloud.auth:

# ================================== Outputs ===================================

# Configure what output to use when sending the data collected by the beat.

# ---------------------------- Elasticsearch Output ----------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

  # Performance preset - one of "balanced", "throughput", "scale",
  # "latency", or "custom".
  #preset: balanced

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  #username: "elastic"
  #password: "changeme"

# ------------------------------ Logstash Output -------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

# ================================= Processors =================================
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

# ================================== Logging ===================================

# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
logging.level: debug

# At debug level, you can selectively enable logging only for some components.
# To enable all selectors, use ["*"]. Examples of other selectors are "beat",
# "publisher", "service".
logging.selectors: ["*"]

# ============================= X-Pack Monitoring ==============================
# Filebeat can export internal metrics to a central Elasticsearch monitoring
# cluster.  This requires xpack monitoring to be enabled in Elasticsearch.  The
# reporting is disabled by default.

# Set to true to enable the monitoring reporter.
#monitoring.enabled: false

# Sets the UUID of the Elasticsearch cluster under which monitoring data for this
# Filebeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
#monitoring.cluster_uuid:

# Uncomment to send the metrics to Elasticsearch. Most settings from the
# Elasticsearch outputs are accepted here as well.
# Note that the settings should point to your Elasticsearch *monitoring* cluster.
# Any setting that is not set is automatically inherited from the Elasticsearch
# output configuration, so if you have the Elasticsearch output configured such
# that it is pointing to your Elasticsearch monitoring cluster, you can simply
# uncomment the following line.
#monitoring.elasticsearch:

# ============================== Instrumentation ===============================

# Instrumentation support for the filebeat.
#instrumentation:
    # Set to true to enable instrumentation of filebeat.
    #enabled: false

    # Environment in which filebeat is running on (eg: staging, production, etc.)
    #environment: ""

    # APM Server hosts to report instrumentation results to.
    #hosts:
    #  - http://localhost:8200

    # API Key for the APM Server(s).
    # If api_key is set then secret_token will be ignored.
    #api_key:

    # Secret token for the APM Server(s).
    #secret_token:


# ================================= Migration ==================================

# This allows to enable 6.7 migration aliases
#migration.6_to_7.enabled: true

Below is my modules.d\logstash.yml:

# Module: logstash
# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-logstash.html

- module: logstash
  # logs
  log:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: C:\Filebeat\logs\*

  # Slow logs
  slowlog:
    enabled: false
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:

Below is my modules.d\system:

# Module: system
# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-system.html

- module: system
  # Syslog
  syslog:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: C:\Filebeat\logs\*

  # Authorization logs
  auth:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: C:\Filebeat\logs\

Below is my logstash/config/logstash-sample.conf:

input {
  beats {
    port => 5044
  }
}

output {
  s3 {
    region => "eu-west-1"
    bucket => "mybucket"
    role_arn => "arn:aws:iam::111111111111:role/myrole"
  }
}

I ran .\filebeat.exe -e and this is my output:

{"log.level":"info","@timestamp":"2024-02-15T15:29:13.259Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configur
e","file.name":"instance/beat.go","file.line":811},"message":"Home path: [C:\\Filebeat] Config path: [C:\\Filebeat] Data path: [C:\\Filebeat\\data] Log
s path: [C:\\Filebeat\\logs]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.421Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/inst
ance.(*Beat).loadMeta","file.name":"instance/beat.go","file.line":902},"message":"Beat metadata path: C:\\Filebeat\\data\\meta.json","service.name":"fi
lebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.422Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configur
e","file.name":"instance/beat.go","file.line":819},"message":"Beat ID: 9091b0bc-c35d-495b-afd2-0df9d85cd87a","service.name":"filebeat","ecs.version":"1
.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.440Z","log.logger":"conditions","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/co
nditions.NewCondition","file.name":"conditions/conditions.go","file.line":98},"message":"New condition contains: map[]","service.name":"filebeat","ecs.
version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.441Z","log.logger":"conditions","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/co
nditions.NewCondition","file.name":"conditions/conditions.go","file.line":98},"message":"New condition !contains: map[]","service.name":"filebeat","ecs
.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.441Z","log.logger":"docker","log.origin":{"function":"github.com/elastic/elastic-agent-autodisco
ver/docker.NewClient","file.name":"docker/client.go","file.line":49},"message":"Docker client will negotiate the API version on the first request.","se
rvice.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.441Z","log.logger":"add_docker_metadata","log.origin":{"function":"github.com/elastic/beats/v7/l
ibbeat/processors/add_docker_metadata.buildDockerMetadataProcessor","file.name":"add_docker_metadata/add_docker_metadata.go","file.line":89},"message":
"add_docker_metadata: docker environment not detected: protocol not available","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.443Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":130},"message":"add_cl
oud_metadata: starting to fetch metadata, timeout=3s","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.446Z","log.logger":"kubernetes","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/pr
ocessors/add_kubernetes_metadata.(*kubernetesAnnotator).init.func1","file.name":"add_kubernetes_metadata/kubernetes.go","file.line":152},"message":"Cou
ld not create kubernetes client using in_cluster config: unable to build kube config due to error: invalid configuration: no configuration has been pro
vided, try setting KUBERNETES_MASTER environment variable","service.name":"filebeat","libbeat.processor":"add_kubernetes_metadata","ecs.version":"1.6.0
"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.471Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cl
oud_metadata: received disposition for digitalocean after 27.9967ms. result=[provider:digitalocean, error=failed with http status code 404, metadata={}
]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T15:29:13.497Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cl
oud_metadata: received error failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.597Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cl
oud_metadata: received disposition for azure after 153.9976ms. result=[provider:azure, error=failed with http status code 404, metadata={}]","service.n
ame":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T15:29:13.598Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cl
oud_metadata: received error failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.598Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cl
oud_metadata: received disposition for gcp after 154.9993ms. result=[provider:gcp, error=failed with http status code 404, metadata={}]","service.name"
:"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T15:29:13.598Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cl
oud_metadata: received error failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.600Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cl
oud_metadata: received disposition for huawei after 157.0087ms. result=[provider:huawei, error=failed with http status code 404, metadata={}]","service
.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T15:29:13.602Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cl
oud_metadata: received error failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.604Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cl
oud_metadata: received disposition for hetzner after 161.0203ms. result=[provider:hetzner, error=failed with http status code 404, metadata={}]","servi
ce.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T15:29:13.606Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cl
oud_metadata: received error failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.684Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cl
oud_metadata: received disposition for openstack after 240.9994ms. result=[provider:openstack, error=<nil>, metadata={\"cloud\":{\"availability_zone\":
\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4b7325a712ccee\",\"name\":\"ip-10-147-119-41.alpsec.ew1.alpha-dev.private.gemalto.com.\"},\"machine\":{\"typ
e\":\"t2.small\"},\"provider\":\"openstack\",\"service\":{\"name\":\"Nova\"}}}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.697Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata.func1","file.name":"add_cloud_metadata/providers.go","file.line":133},"message":"
add_cloud_metadata: fetchMetadata ran for 253.9997ms","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.719Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/lib
beat/processors/add_cloud_metadata.(*addCloudMetadata).init.func1","file.name":"add_cloud_metadata/add_cloud_metadata.go","file.line":104},"message":"a
dd_cloud_metadata: hosting provider type detected as openstack, metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4
b7325a712ccee\",\"name\":\"ip-10-147-119-41.alpsec.ew1.alpha-dev.private.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\"
,\"service\":{\"name\":\"Nova\"}}}","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.723Z","log.logger":"processors","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/pr
ocessors.New","file.name":"processors/processor.go","file.line":114},"message":"Generated new processors: add_host_metadata=[netinfo.enabled=[true], ca
che.ttl=[5m0s]], condition=!contains: map[], add_cloud_metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4b7325a712
ccee\",\"name\":\"ip-10-147-119-41.alpsec.ew1.alpha-dev.private.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\",\"servic
e\":{\"name\":\"Nova\"}}}, add_docker_metadata=[match_fields=[] match_pids=[process.pid, process.parent.pid]], add_kubernetes_metadata","service.name":
"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.726Z","log.logger":"seccomp","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/commo
n/seccomp.loadFilter","file.name":"seccomp/seccomp.go","file.line":97},"message":"Syscall filtering is only supported on Linux","service.name":"filebea
t","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.728Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/insta
nce.logSystemInfo","file.name":"instance/beat.go","file.line":1337},"message":"Beat info","service.name":"filebeat","system_info":{"beat":{"path":{"con
fig":"C:\\Filebeat","data":"C:\\Filebeat\\data","home":"C:\\Filebeat","logs":"C:\\Filebeat\\logs"},"type":"filebeat","uuid":"9091b0bc-c35d-495b-afd2-0d
f9d85cd87a"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.733Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/insta
nce.logSystemInfo","file.name":"instance/beat.go","file.line":1346},"message":"Build info","service.name":"filebeat","system_info":{"build":{"commit":"
c7ec8f634ed6052674762b32fa640087d32f165f","libbeat":"8.12.1","time":"2024-02-01T12:00:16.000Z","version":"8.12.1"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.741Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/insta
nce.logSystemInfo","file.name":"instance/beat.go","file.line":1349},"message":"Go runtime info","service.name":"filebeat","system_info":{"go":{"os":"wi
ndows","arch":"amd64","max_procs":1,"version":"go1.20.12"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.750Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/insta
nce.logSystemInfo","file.name":"instance/beat.go","file.line":1355},"message":"Host info","service.name":"filebeat","system_info":{"host":{"architectur
e":"x86_64","boot_time":"2024-02-14T14:04:59Z","name":"ec2amaz-n6l6q6q","ip":["10.147.119.41","::1","127.0.0.1"],"kernel_version":"10.0.14393.6611 (rs1
_release.231218-1733)","mac":["06:f8:7d:88:81:b7"],"os":{"type":"windows","family":"windows","platform":"windows","name":"Windows Server 2016 Datacente
r","version":"10.0","major":10,"minor":0,"patch":0,"build":"14393.6614"},"timezone":"UTC","timezone_offset_sec":0,"id":"556cb70f-336b-45e2-9ac3-ac04379
e7ccd"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.752Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/insta
nce.logSystemInfo","file.name":"instance/beat.go","file.line":1384},"message":"Process info","service.name":"filebeat","system_info":{"process":{"cwd":
"C:\\Filebeat","exe":"C:\\Filebeat\\filebeat.exe","name":"filebeat.exe","pid":5692,"ppid":4852,"start_time":"2024-02-15T15:29:13.012Z"},"ecs.version":"
1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.784Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).createBe
ater","file.name":"instance/beat.go","file.line":334},"message":"Setup Beat: filebeat; Version: 8.12.1","service.name":"filebeat","ecs.version":"1.6.0"
}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.814Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/inst
ance.(*Beat).createBeater","file.name":"instance/beat.go","file.line":362},"message":"Initializing output plugins","service.name":"filebeat","ecs.versi
on":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.846Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/pub
lisher/pipeline.(*eventConsumer).run","file.name":"pipeline/consumer.go","file.line":110},"message":"start pipeline event consumer","service.name":"fil
ebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.851Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/publ
isher/pipeline.LoadWithSettings","file.name":"pipeline/module.go","file.line":105},"message":"Beat name: EC2AMAZ-N6L6Q6Q","service.name":"filebeat","ec
s.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.853Z","log.logger":"modules","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/files
et.newModuleRegistry","file.name":"fileset/modules.go","file.line":135},"message":"Enabled modules/filesets: ","service.name":"filebeat","ecs.version":
"1.6.0"}
{"log.level":"warn","@timestamp":"2024-02-15T15:29:13.854Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).setupPipe
lineLoaderCallback","file.name":"beater/filebeat.go","file.line":193},"message":"Filebeat is unable to load the ingest pipelines for the configured mod
ules because the Elasticsearch output is not configured/enabled. If you have already loaded the ingest pipelines or are using Logstash pipelines, you c
an ignore this warning.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.856Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch",
"file.name":"instance/beat.go","file.line":520},"message":"filebeat start running.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.860Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registr
ar.isFile","file.name":"registrar/migrate.go","file.line":287},"message":"isFile(C:\\Filebeat\\data\\registry) -> false","service.name":"filebeat","ecs
.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.862Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registr
ar.isFile","file.name":"registrar/migrate.go","file.line":287},"message":"isFile() -> false","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.864Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registr
ar.isDir","file.name":"registrar/migrate.go","file.line":280},"message":"isDir(C:\\Filebeat\\data\\registry\\filebeat) -> true","service.name":"filebea
t","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.866Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registr
ar.isFile","file.name":"registrar/migrate.go","file.line":287},"message":"isFile(C:\\Filebeat\\data\\registry\\filebeat\\meta.json) -> true","service.n
ame":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.868Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/re
gistrar.(*Migrator).Run","file.name":"registrar/migrate.go","file.line":82},"message":"Registry type '1' found","service.name":"filebeat","ecs.version"
:"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.877Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/statestore/backend/memlog.ope
nStore","file.name":"memlog/store.go","file.line":134},"message":"Finished loading transaction log file for 'C:\\Filebeat\\data\\registry\\filebeat'. A
ctive transaction id=0","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.862Z","log.logger":"service","log.origin":{"function":"github.com/elastic/elastic-agent-libs/ser
vice.ProcessWindowsControlEvents","file.name":"service/service_windows.go","file.line":134},"message":"Windows is interactive: true","service.name":"fi
lebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.862Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/pub
lisher/pipeline.(*queueReader).run","file.name":"pipeline/queue_reader.go","file.line":49},"message":"pipeline event consumer queue reader: start","ser
vice.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.862Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/mon
itoring/report/log.(*reporter).snapshotLoop","file.name":"log/log.go","file.line":145},"message":"Starting metrics logging every 30s","service.name":"f
ilebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.949Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/statestore/backend/memlog.ope
nStore","file.name":"memlog/store.go","file.line":134},"message":"Finished loading transaction log file for 'C:\\Filebeat\\data\\registry\\filebeat'. A
ctive transaction id=0","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-02-15T15:29:13.952Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).Run","fil
e.name":"beater/filebeat.go","file.line":331},"message":"Filebeat is unable to load the ingest pipelines for the configured modules because the Elastic
search output is not configured/enabled. If you have already loaded the ingest pipelines or are using Logstash pipelines, you can ignore this warning."
,"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.957Z","log.logger":"input","log.origin":{"function":"github.com/elastic/beats/v7/x-pack/filebeat/
input/shipper.NewInputManager","file.name":"shipper/input.go","file.line":55},"message":"creating new InputManager","service.name":"filebeat","ecs.vers
ion":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.958Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/reg
istrar.(*Registrar).loadStates","file.name":"registrar/registrar.go","file.line":107},"message":"States Loaded from registrar: 0","service.name":"fileb
eat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.960Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beate
r.(*crawler).Start","file.name":"beater/crawler.go","file.line":71},"message":"Loading Inputs: 1","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.961Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beate
r.(*crawler).startInput","file.name":"beater/crawler.go","file.line":117},"message":"starting input, keys present on the config: [filebeat.inputs.0.ena
bled filebeat.inputs.0.id filebeat.inputs.0.paths.0 filebeat.inputs.0.type]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.963Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beate
r.(*crawler).startInput","file.name":"beater/crawler.go","file.line":121},"message":"input disabled, skipping it","service.name":"filebeat","ecs.versio
n":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.967Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfi
le.(*Reloader).Check","file.name":"cfgfile/reload.go","file.line":131},"message":"Checking module configs from: C:\\Filebeat/modules.d/*.yml","service.
name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.970Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfi
le.LoadList","file.name":"cfgfile/cfgfile.go","file.line":204},"message":"Load config from file: C:\\Filebeat\\modules.d\\logstash.yml","service.name":
"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.972Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfi
le.LoadList","file.name":"cfgfile/cfgfile.go","file.line":204},"message":"Load config from file: C:\\Filebeat\\modules.d\\system.yml","service.name":"f
ilebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.973Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfi
le.(*Reloader).Check","file.name":"cfgfile/reload.go","file.line":145},"message":"Number of module configs found: 2","service.name":"filebeat","ecs.ver
sion":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:13.967Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/re
gistrar.(*Registrar).Run","file.name":"registrar/registrar.go","file.line":138},"message":"Starting Registrar","service.name":"filebeat","ecs.version":
"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.988Z","log.logger":"modules","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/files
et.newModuleRegistry","file.name":"fileset/modules.go","file.line":135},"message":"Enabled modules/filesets: logstash (log)","service.name":"filebeat",
"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.992Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop","fil
e.name":"beater/crawler.go","file.line":155},"message":"Stopping Crawler","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.995Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop","fil
e.name":"beater/crawler.go","file.line":165},"message":"Stopping 0 inputs","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.997Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop","fil
e.name":"beater/crawler.go","file.line":185},"message":"Crawler stopped","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:13.998Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/reg
istrar.(*Registrar).Stop","file.name":"registrar/registrar.go","file.line":130},"message":"Stopping Registrar","service.name":"filebeat","ecs.version":
"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:14.000Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/reg
istrar.(*Registrar).Run","file.name":"registrar/registrar.go","file.line":164},"message":"Ending Registrar","service.name":"filebeat","ecs.version":"1.
6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T15:29:14.004Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/re
gistrar.(*Registrar).Run","file.name":"registrar/registrar.go","file.line":165},"message":"Stopping Registrar","service.name":"filebeat","ecs.version":
"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:14.006Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/reg
istrar.(*Registrar).Stop","file.name":"registrar/registrar.go","file.line":135},"message":"Registrar stopped","service.name":"filebeat","ecs.version":"
1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:14.018Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/mon
itoring/report/log.(*reporter).logTotals","file.name":"log/log.go","file.line":195},"message":"Total metrics","service.name":"filebeat","monitoring":{"
metrics":{"beat":{"cpu":{"system":{"ticks":312,"time":{"ms":312}},"total":{"ticks":499,"time":{"ms":499},"value":499},"user":{"ticks":187,"time":{"ms":
187}}},"info":{"ephemeral_id":"78b6f766-7cd0-48a0-bb16-a399501c1a31","name":"filebeat","uptime":{"ms":890},"version":"8.12.1"},"memstats":{"gc_next":37
762120,"memory_alloc":22272848,"memory_sys":52656408,"memory_total":61965616,"rss":80736256},"runtime":{"goroutines":19}},"filebeat":{"events":{"active
":0,"added":0,"done":0},"harvester":{"closed":0,"open_files":0,"running":0,"skipped":0,"started":0},"input":{"log":{"files":{"renamed":0,"truncated":0}
},"netflow":{"flows":0,"packets":{"dropped":0,"received":0}}}},"libbeat":{"config":{"module":{"running":0,"starts":0,"stops":0},"reloads":0,"scans":0},
"output":{"batches":{"split":0},"events":{"acked":0,"active":0,"batches":0,"dropped":0,"duplicates":0,"failed":0,"toomany":0,"total":0},"read":{"bytes"
:0,"errors":0},"type":"logstash","write":{"bytes":0,"errors":0}},"pipeline":{"clients":0,"events":{"active":0,"dropped":0,"failed":0,"filtered":0,"publ
ished":0,"retry":0,"total":0},"queue":{"acked":0,"max_events":3200}}},"processor":{"add_host_metadata":{"fqdn_lookup_failed":0}},"registrar":{"states":
{"cleanup":0,"current":0,"update":0},"writes":{"fail":0,"success":0,"total":0}},"system":{"cpu":{"cores":1},"handles":{"open":295}}},"ecs.version":"1.6
.0"}}
{"log.level":"info","@timestamp":"2024-02-15T15:29:14.022Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/mon
itoring/report/log.(*reporter).logTotals","file.name":"log/log.go","file.line":196},"message":"Uptime: 899.9994ms","service.name":"filebeat","ecs.versi
on":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:14.028Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/mon
itoring/report/log.(*reporter).snapshotLoop","file.name":"log/log.go","file.line":163},"message":"Stopping metrics logging.","service.name":"filebeat",
"ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T15:29:14.031Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch",
"file.name":"instance/beat.go","file.line":532},"message":"filebeat stopped.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T15:29:14.034Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.handleError","f
ile.name":"instance/beat.go","file.line":1312},"message":"Exiting: Failed to start crawler: creating module reloader failed: could not create module re
gistry for filesets: error getting config for fileset logstash/log: Error interpreting the template of the input: template: text:3:22: executing \"text
\" at <.paths>: range can't iterate over C:\\Filebeat\\logs\\*","service.name":"filebeat","ecs.version":"1.6.0"}
Exiting: Failed to start crawler: creating module reloader failed: could not create module registry for filesets: error getting config for fileset logs
tash/log: Error interpreting the template of the input: template: text:3:22: executing "text" at <.paths>: range can't iterate over C:\Filebeat\logs\*
PS C:\Filebeat>

Any help will be appreciated. Thanks.
Regards,
Tiziano

Is the directory writeable? Filebeat needs to write some files / directories

Also, that output does not look like it's from the config above because it's trying to read

range can't iterate over C:\Filebeat\logs\* PS C:\Filebeat>

Which shows disabled above but looks like it's trying to read it.

Oh I see, you have them in the system module...

Don't do that :slight_smile:

Just leave those paths commented out and Filebeat will pick them up automatically. That's what it's supposed to be.

Defining paths that aren't there

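An added example, not part of the original thread or of Filebeat's code: the "range can't iterate over C:\Filebeat\logs\*" message in the log above comes from Go's text/template, which cannot range over a plain string. The template below is a simplified stand-in for a fileset input template (an assumption), and `renderInput` and `checkVarPaths` are hypothetical helper names; it reproduces the failure with the scalar value from the log and shows that the same value written as a list renders.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// inputTemplate is a simplified stand-in (an assumption, not the real
// logstash/log fileset template) for how a fileset turns var.paths into
// input configuration: it ranges over .paths, so .paths must be a list.
const inputTemplate = `type: log
paths:
{{ range $i, $path := .paths }}  - {{ $path }}
{{ end }}`

// renderInput executes the template with the value the module YAML gave
// for var.paths: a string when written as a scalar, a []string when
// written as a YAML list.
func renderInput(paths interface{}) (string, error) {
	tmpl, err := template.New("text").Parse(inputTemplate)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	data := map[string]interface{}{"paths": paths}
	if err := tmpl.Execute(&buf, data); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// checkVarPaths is a preflight check that rejects the scalar form before
// it reaches the template, with a message that names the fix.
func checkVarPaths(v interface{}) error {
	switch p := v.(type) {
	case nil:
		return nil // commented out: the module falls back to its defaults
	case []string:
		return nil // list form, safe to range over
	case string:
		return fmt.Errorf("var.paths is the scalar %s; write it as a list: var.paths: ['%s']", p, p)
	default:
		return fmt.Errorf("var.paths has unsupported type %T", v)
	}
}

func main() {
	// Value taken from the log above, as a scalar and then as a list.
	scalar := `C:\Filebeat\logs\*`
	list := []string{`C:\Filebeat\logs\*`}

	if _, err := renderInput(scalar); err != nil {
		fmt.Println("scalar form fails:", err)
	}
	fmt.Println("preflight on scalar:", checkVarPaths(scalar))

	out, err := renderInput(list)
	if err != nil {
		fmt.Println("unexpected error:", err)
		return
	}
	fmt.Print("list form renders:\n", out)
}
```

A shipper that exits at startup this way forwards no events at all, so the scalar form is worth catching before the service is restarted.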

Hello @stephenb, thanks for helping out, I really appreciate it :slight_smile:

I made the whole folders filebeat and logstash writeable. I also edited system.yml and logstash.yml as suggested.

However, I'm still facing issues...

I modified both system.yml and logstash.yml (see below):

# Module: system
# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-system.html

- module: system
  # Syslog
  syslog:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: C:\Filebeat\logs\*

  # Authorization logs
  auth:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: C:\Filebeat\logs\*

# Module: logstash
# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-logstash.html

- module: logstash
  # logs
  log:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: C:\Filebeat\logs\*

  # Slow logs
  slowlog:
    enabled: false
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:

I then ran once again .\filebeat.exe -e and this is my output:



{"log.level":"info","@timestamp":"2024-02-15T16:54:01.402Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configure","file.nam
e":"instance/beat.go","file.line":811},"message":"Home path: [C:\\Filebeat] Config path: [C:\\Filebeat] Data path: [C:\\Filebeat\\data] Logs path: [C:\\Filebeat\\l
ogs]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.613Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat)
.loadMeta","file.name":"instance/beat.go","file.line":902},"message":"Beat metadata path: C:\\Filebeat\\data\\meta.json","service.name":"filebeat","ecs.version":"1
.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:01.614Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configure","file.nam
e":"instance/beat.go","file.line":819},"message":"Beat ID: 9091b0bc-c35d-495b-afd2-0df9d85cd87a","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.633Z","log.logger":"conditions","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/conditions.New
Condition","file.name":"conditions/conditions.go","file.line":98},"message":"New condition contains: map[]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.634Z","log.logger":"conditions","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/conditions.New
Condition","file.name":"conditions/conditions.go","file.line":98},"message":"New condition !contains: map[]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.634Z","log.logger":"docker","log.origin":{"function":"github.com/elastic/elastic-agent-autodiscover/docker.N
ewClient","file.name":"docker/client.go","file.line":49},"message":"Docker client will negotiate the API version on the first request.","service.name":"filebeat","
ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.635Z","log.logger":"add_docker_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proce
ssors/add_docker_metadata.buildDockerMetadataProcessor","file.name":"add_docker_metadata/add_docker_metadata.go","file.line":89},"message":"add_docker_metadata: do
cker environment not detected: protocol not available","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.635Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":130},"message":"add_cloud_metadata: starting t
o fetch metadata, timeout=3s","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.646Z","log.logger":"kubernetes","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add
_kubernetes_metadata.(*kubernetesAnnotator).init.func1","file.name":"add_kubernetes_metadata/kubernetes.go","file.line":152},"message":"Could not create kubernetes
 client using in_cluster config: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER
 environment variable","service.name":"filebeat","libbeat.processor":"add_kubernetes_metadata","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.837Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received d
isposition for huawei after 201.998ms. result=[provider:huawei, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.
0"}
{"log.level":"error","@timestamp":"2024-02-15T16:54:01.842Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received e
rror failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.842Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received d
isposition for hetzner after 206.9996ms. result=[provider:hetzner, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1
.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T16:54:01.842Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received e
rror failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.842Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received d
isposition for digitalocean after 206.9996ms. result=[provider:digitalocean, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.v
ersion":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T16:54:01.842Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received e
rror failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.843Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received d
isposition for azure after 207.9989ms. result=[provider:azure, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.0
"}
{"log.level":"error","@timestamp":"2024-02-15T16:54:01.844Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received e
rror failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.846Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received d
isposition for gcp after 210.9996ms. result=[provider:gcp, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T16:54:01.847Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received e
rror failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:01.980Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received d
isposition for openstack after 344.9998ms. result=[provider:openstack, error=<nil>, metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":
\"i-00a4b7325a712ccee\",\"name\":\"ip-10-147-119-41.alpsec.ew1.alpha-dev.private.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\",\"s
ervice\":{\"name\":\"Nova\"}}}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.006Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/proces
sors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata.func1","file.name":"add_cloud_metadata/providers.go","file.line":133},"message":"add_cloud_metadata: fetc
hMetadata ran for 371.0026ms","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.068Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/process
ors/add_cloud_metadata.(*addCloudMetadata).init.func1","file.name":"add_cloud_metadata/add_cloud_metadata.go","file.line":104},"message":"add_cloud_metadata: hosti
ng provider type detected as openstack, metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4b7325a712ccee\",\"name\":\"ip-10-147
-119-41.alpsec.ew1.alpha-dev.private.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\",\"service\":{\"name\":\"Nova\"}}}","service.nam
e":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.074Z","log.logger":"processors","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors.New
","file.name":"processors/processor.go","file.line":114},"message":"Generated new processors: add_host_metadata=[netinfo.enabled=[true], cache.ttl=[5m0s]], conditi
on=!contains: map[], add_cloud_metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4b7325a712ccee\",\"name\":\"ip-10-147-119-41.a
lpsec.ew1.alpha-dev.private.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\",\"service\":{\"name\":\"Nova\"}}}, add_docker_metadata=[
match_fields=[] match_pids=[process.pid, process.parent.pid]], add_kubernetes_metadata","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.088Z","log.logger":"seccomp","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/common/seccomp.lo
adFilter","file.name":"seccomp/seccomp.go","file.line":97},"message":"Syscall filtering is only supported on Linux","service.name":"filebeat","ecs.version":"1.6.0"
}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.094Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSyste
mInfo","file.name":"instance/beat.go","file.line":1337},"message":"Beat info","service.name":"filebeat","system_info":{"beat":{"path":{"config":"C:\\Filebeat","dat
a":"C:\\Filebeat\\data","home":"C:\\Filebeat","logs":"C:\\Filebeat\\logs"},"type":"filebeat","uuid":"9091b0bc-c35d-495b-afd2-0df9d85cd87a"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.100Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSyste
mInfo","file.name":"instance/beat.go","file.line":1346},"message":"Build info","service.name":"filebeat","system_info":{"build":{"commit":"c7ec8f634ed6052674762b32
fa640087d32f165f","libbeat":"8.12.1","time":"2024-02-01T12:00:16.000Z","version":"8.12.1"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.102Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSyste
mInfo","file.name":"instance/beat.go","file.line":1349},"message":"Go runtime info","service.name":"filebeat","system_info":{"go":{"os":"windows","arch":"amd64","m
ax_procs":1,"version":"go1.20.12"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.129Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSyste
mInfo","file.name":"instance/beat.go","file.line":1355},"message":"Host info","service.name":"filebeat","system_info":{"host":{"architecture":"x86_64","boot_time":
"2024-02-14T14:04:59Z","name":"ec2amaz-n6l6q6q","ip":["10.147.119.41","::1","127.0.0.1"],"kernel_version":"10.0.14393.6611 (rs1_release.231218-1733)","mac":["06:f8
:7d:88:81:b7"],"os":{"type":"windows","family":"windows","platform":"windows","name":"Windows Server 2016 Datacenter","version":"10.0","major":10,"minor":0,"patch"
:0,"build":"14393.6614"},"timezone":"UTC","timezone_offset_sec":0,"id":"556cb70f-336b-45e2-9ac3-ac04379e7ccd"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.135Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSyste
mInfo","file.name":"instance/beat.go","file.line":1384},"message":"Process info","service.name":"filebeat","system_info":{"process":{"cwd":"C:\\Filebeat","exe":"C:
\\Filebeat\\filebeat.exe","name":"filebeat.exe","pid":4008,"ppid":5312,"start_time":"2024-02-15T16:54:01.134Z"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.139Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).createBeater","file.
name":"instance/beat.go","file.line":334},"message":"Setup Beat: filebeat; Version: 8.12.1","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.228Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat)
.createBeater","file.name":"instance/beat.go","file.line":362},"message":"Initializing output plugins","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.256Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/publisher/pipel
ine.(*eventConsumer).run","file.name":"pipeline/consumer.go","file.line":110},"message":"start pipeline event consumer","service.name":"filebeat","ecs.version":"1.
6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.262Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/publisher/pipeli
ne.LoadWithSettings","file.name":"pipeline/module.go","file.line":105},"message":"Beat name: EC2AMAZ-N6L6Q6Q","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.264Z","log.logger":"modules","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/fileset.newModule
Registry","file.name":"fileset/modules.go","file.line":135},"message":"Enabled modules/filesets: ","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-02-15T16:54:02.265Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).setupPipelineLoaderCa
llback","file.name":"beater/filebeat.go","file.line":193},"message":"Filebeat is unable to load the ingest pipelines for the configured modules because the Elastic
search output is not configured/enabled. If you have already loaded the ingest pipelines or are using Logstash pipelines, you can ignore this warning.","service.na
me":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.267Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch","file.name":
"instance/beat.go","file.line":520},"message":"filebeat start running.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.273Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.isFile","
file.name":"registrar/migrate.go","file.line":287},"message":"isFile(C:\\Filebeat\\data\\registry) -> false","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.275Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.isFile","
file.name":"registrar/migrate.go","file.line":287},"message":"isFile() -> false","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.277Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.isDir","f
ile.name":"registrar/migrate.go","file.line":280},"message":"isDir(C:\\Filebeat\\data\\registry\\filebeat) -> true","service.name":"filebeat","ecs.version":"1.6.0"
}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.279Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.isFile","
file.name":"registrar/migrate.go","file.line":287},"message":"isFile(C:\\Filebeat\\data\\registry\\filebeat\\meta.json) -> true","service.name":"filebeat","ecs.ver
sion":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.281Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Mi
grator).Run","file.name":"registrar/migrate.go","file.line":82},"message":"Registry type '1' found","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.275Z","log.logger":"service","log.origin":{"function":"github.com/elastic/elastic-agent-libs/service.Process
WindowsControlEvents","file.name":"service/service_windows.go","file.line":134},"message":"Windows is interactive: true","service.name":"filebeat","ecs.version":"1
.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.275Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/publisher/pipel
ine.(*queueReader).run","file.name":"pipeline/queue_reader.go","file.line":49},"message":"pipeline event consumer queue reader: start","service.name":"filebeat","e
cs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.275Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/repo
rt/log.(*reporter).snapshotLoop","file.name":"log/log.go","file.line":145},"message":"Starting metrics logging every 30s","service.name":"filebeat","ecs.version":"
1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.364Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/statestore/backend/memlog.openStore","fil
e.name":"memlog/store.go","file.line":134},"message":"Finished loading transaction log file for 'C:\\Filebeat\\data\\registry\\filebeat'. Active transaction id=0",
"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.371Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/statestore/backend/memlog.openStore","fil
e.name":"memlog/store.go","file.line":134},"message":"Finished loading transaction log file for 'C:\\Filebeat\\data\\registry\\filebeat'. Active transaction id=0",
"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-02-15T16:54:02.377Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).Run","file.name":"bea
ter/filebeat.go","file.line":331},"message":"Filebeat is unable to load the ingest pipelines for the configured modules because the Elasticsearch output is not con
figured/enabled. If you have already loaded the ingest pipelines or are using Logstash pipelines, you can ignore this warning.","service.name":"filebeat","ecs.vers
ion":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.379Z","log.logger":"input","log.origin":{"function":"github.com/elastic/beats/v7/x-pack/filebeat/input/shippe
r.NewInputManager","file.name":"shipper/input.go","file.line":55},"message":"creating new InputManager","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.380Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Reg
istrar).loadStates","file.name":"registrar/registrar.go","file.line":107},"message":"States Loaded from registrar: 0","service.name":"filebeat","ecs.version":"1.6.
0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.382Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler)
.Start","file.name":"beater/crawler.go","file.line":71},"message":"Loading Inputs: 1","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.383Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler)
.startInput","file.name":"beater/crawler.go","file.line":117},"message":"starting input, keys present on the config: [filebeat.inputs.0.enabled filebeat.inputs.0.i
d filebeat.inputs.0.paths.0 filebeat.inputs.0.type]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.394Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler)
.startInput","file.name":"beater/crawler.go","file.line":121},"message":"input disabled, skipping it","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.396Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*Reloade
r).Check","file.name":"cfgfile/reload.go","file.line":131},"message":"Checking module configs from: C:\\Filebeat/modules.d/*.yml","service.name":"filebeat","ecs.ve
rsion":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.398Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.LoadList"
,"file.name":"cfgfile/cfgfile.go","file.line":204},"message":"Load config from file: C:\\Filebeat\\modules.d\\logstash.yml","service.name":"filebeat","ecs.version"
:"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.400Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.LoadList"
,"file.name":"cfgfile/cfgfile.go","file.line":204},"message":"Load config from file: C:\\Filebeat\\modules.d\\system.yml","service.name":"filebeat","ecs.version":"
1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.402Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*Reloade
r).Check","file.name":"cfgfile/reload.go","file.line":145},"message":"Number of module configs found: 2","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.394Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Re
gistrar).Run","file.name":"registrar/registrar.go","file.line":138},"message":"Starting Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.412Z","log.logger":"modules","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/fileset.newModule
Registry","file.name":"fileset/modules.go","file.line":135},"message":"Enabled modules/filesets: logstash (log)","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-02-15T16:54:02.414Z","log.logger":"cfgwarn","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/log.NewInpu
t.func1","file.name":"log/input.go","file.line":90},"message":"DEPRECATED: Log input. Use Filestream input instead.","service.name":"filebeat","ecs.version":"1.6.0
"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.429Z","log.logger":"input","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/log.(*config
).resolveRecursiveGlobs","file.name":"log/config.go","file.line":207},"message":"recursive glob enabled","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.431Z","log.logger":"input","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/log.(*Input)
.loadStates","file.name":"log/input.go","file.line":188},"message":"exclude_files: [(?-s:.)gz(?-m:$)]. Number of states: 0","service.name":"filebeat","input_id":"c
3c804ec-3114-40fe-8af3-f9d990362ba3","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.432Z","log.logger":"input","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/log.(*Input)
.loadStates","file.name":"log/input.go","file.line":221},"message":"input with previous states loaded: 0","service.name":"filebeat","input_id":"c3c804ec-3114-40fe-
8af3-f9d990362ba3","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.438Z","log.logger":"input","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/log.NewInput"
,"file.name":"log/input.go","file.line":174},"message":"Configured paths: [c:\\programdata\\logstash\\logs\\logstash-plain*.log c:\\programdata\\logstash\\logs\\lo
gstash-json*.log]","service.name":"filebeat","input_id":"c3c804ec-3114-40fe-8af3-f9d990362ba3","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.442Z","log.logger":"modules","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/fileset.newModule
Registry","file.name":"fileset/modules.go","file.line":135},"message":"Enabled modules/filesets: system (auth), system (syslog)","service.name":"filebeat","ecs.ver
sion":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.500Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop","file.name":"bea
ter/crawler.go","file.line":155},"message":"Stopping Crawler","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.504Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop","file.name":"bea
ter/crawler.go","file.line":165},"message":"Stopping 0 inputs","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.506Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop","file.name":"bea
ter/crawler.go","file.line":185},"message":"Crawler stopped","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.507Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Reg
istrar).Stop","file.name":"registrar/registrar.go","file.line":130},"message":"Stopping Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.509Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Reg
istrar).Run","file.name":"registrar/registrar.go","file.line":164},"message":"Ending Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.510Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Re
gistrar).Run","file.name":"registrar/registrar.go","file.line":165},"message":"Stopping Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.516Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Reg
istrar).Stop","file.name":"registrar/registrar.go","file.line":135},"message":"Registrar stopped","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.534Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/repo
rt/log.(*reporter).logTotals","file.name":"log/log.go","file.line":195},"message":"Total metrics","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cpu":
{"system":{"ticks":328,"time":{"ms":328}},"total":{"ticks":531,"time":{"ms":531},"value":531},"user":{"ticks":203,"time":{"ms":203}}},"info":{"ephemeral_id":"74834
0af-d1b3-4410-9416-9963fea87a2a","name":"filebeat","uptime":{"ms":1271},"version":"8.12.1"},"memstats":{"gc_next":37801632,"memory_alloc":22618600,"memory_sys":526
56408,"memory_total":62304264,"rss":81264640},"runtime":{"goroutines":17}},"filebeat":{"events":{"active":0,"added":0,"done":0},"harvester":{"closed":0,"open_files
":0,"running":0,"skipped":0,"started":0},"input":{"log":{"files":{"renamed":0,"truncated":0}},"netflow":{"flows":0,"packets":{"dropped":0,"received":0}}}},"libbeat
":{"config":{"module":{"running":0,"starts":0,"stops":0},"reloads":0,"scans":0},"output":{"batches":{"split":0},"events":{"acked":0,"active":0,"batches":0,"dropped
":0,"duplicates":0,"failed":0,"toomany":0,"total":0},"read":{"bytes":0,"errors":0},"type":"logstash","write":{"bytes":0,"errors":0}},"pipeline":{"clients":0,"event
s":{"active":0,"dropped":0,"failed":0,"filtered":0,"published":0,"retry":0,"total":0},"queue":{"acked":0,"max_events":3200}}},"processor":{"add_host_metadata":{"fq
dn_lookup_failed":0}},"registrar":{"states":{"cleanup":0,"current":0,"update":0},"writes":{"fail":0,"success":0,"total":0}},"system":{"cpu":{"cores":1},"handles":{
"open":295}}},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.568Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/repo
rt/log.(*reporter).logTotals","file.name":"log/log.go","file.line":196},"message":"Uptime: 1.308009s","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.573Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/repo
rt/log.(*reporter).snapshotLoop","file.name":"log/log.go","file.line":163},"message":"Stopping metrics logging.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T16:54:02.578Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch","file.name":
"instance/beat.go","file.line":532},"message":"filebeat stopped.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T16:54:02.580Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.handleError","file.name":"i
nstance/beat.go","file.line":1312},"message":"Exiting: Failed to start crawler: creating module reloader failed: error checking input configuration: No paths were
defined for input accessing config","service.name":"filebeat","ecs.version":"1.6.0"}
Exiting: Failed to start crawler: creating module reloader failed: error checking input configuration: No paths were defined for input accessing config
PS C:\Filebeat>

I also tried to start the filebeat service, but I kept receiving the same error that I showed previously. Thanks.

Regards,
Tiziano
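
The console output above is hard-wrapped mid-record and is mostly debug lines, with `error`-level `add_cloud_metadata` 404 entries logged while the processor tries each cloud provider before it reports the detected one. As an added example (not part of the original posts, and using a shortened, constructed sample in the same shape), this Python sketch rejoins the wrapped JSON records and keeps only the warn/error messages that are not those 404 probe results:

```python
import json

# Constructed sample: shortened records modelled on the output in this thread,
# hard-wrapped mid-word the way the pasted console text is.
SAMPLE = r'''{"log.level":"error","@timestamp":"2024-02-15T16:54:01.842Z","log.logger":"add_cloud_metadata","message":"add_cloud_metadata: received e
rror failed with http status code 404","service.name":"filebeat"}
{"log.level":"debug","@timestamp":"2024-02-15T16:54:02.228Z","log.logger":"beat","message":"Initializing output plugins"}
{"log.level":"warn","@timestamp":"2024-02-15T16:54:02.377Z","message":"Filebeat is unable to load the ingest pipelines for the configured modu
les because the Elasticsearch output is not configured/enabled.","service.name":"filebeat"}
{"log.level":"error","@timestamp":"2024-02-15T16:54:02.580Z","message":"Exiting: Failed to start crawler: creating module reloader failed: er
ror checking input configuration: No paths were defined for input accessing config","service.name":"filebeat"}
Exiting: Failed to start crawler: creating module reloader failed: error checking input configuration: No paths were defined for input accessing config
PS C:\Filebeat>
'''


def parse_console(text):
    """Rejoin hard-wrapped JSON log records.

    Returns (records, plain): parsed JSON records in order, and the
    non-JSON lines (final "Exiting: ..." message, shell prompt).
    A record that never completes is dropped when the next one starts.
    """
    records, plain, buf = [], [], ""
    for line in text.splitlines():
        if line.startswith('{"log.level"'):
            buf = line                # new record; discard any unfinished one
        elif buf:
            buf += line               # continuation of a wrapped record
        else:
            if line.strip():
                plain.append(line)
            continue
        try:
            records.append(json.loads(buf))
            buf = ""
        except json.JSONDecodeError:
            pass                      # record is not complete yet
    return records, plain


def is_probe_noise(rec):
    """True for the 404 results logged while add_cloud_metadata tries each provider."""
    return (rec.get("log.logger") == "add_cloud_metadata"
            and "http status code 404" in rec.get("message", ""))


def triage(text):
    """Return ([(level, message), ...], plain_lines) with noise removed."""
    records, plain = parse_console(text)
    findings = []
    for rec in records:
        if rec.get("log.level") not in ("warn", "error"):
            continue
        if is_probe_noise(rec):
            continue
        entry = (rec["log.level"], rec.get("message", ""))
        if entry not in findings:     # the same warning is often logged twice
            findings.append(entry)
    return findings, plain


if __name__ == "__main__":
    found, tail = triage(SAMPLE)
    for level, message in found:
        print(f"[{level}] {message}")
    for line in tail:
        print(f"(console) {line}")
```

Where the console wrapped a line exactly at a space, the space may be missing after rejoining; the record still parses, only two words in the message run together.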

The system module collects and parses logs created by the system logging service of common Unix/Linux based distributions.

So the system module does not work for Windows. I'm sorry, I should have told you that right at the beginning. So disable it.

For logstash module you will need to set the path... To where logstash is / logs path ...

What are you actually trying to read, or are you just testing and playing?

Hello @stephenb ,

Thank you for letting me know. I disabled the system module (see below):

# Module: system
# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-system.html

- module: system
  # Syslog
  syslog:
    enabled: false

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: C:\Filebeat\logs\*

  # Authorization logs
  auth:
    enabled: false

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths: C:\Filebeat\logs\*

Then, for the logstash module, I set the path (see below):

# Module: logstash
# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-logstash.html

- module: logstash
  # logs
  log:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: C:\Filebeat\logs\*

  # Slow logs
  slowlog:
    enabled: false
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:

So far I'm just testing and playing. However, my final goal is to send logs from Logstash to S3 (Logstash has an output plugin for S3). Basically, I installed both Filebeat and Logstash on an AWS EC2 instance and, from there, I want to send logs to an S3 bucket.

Btw, after doing the changes I'm still facing the same issues. If I run Start-Service filebeat (where I have my filebeat.exe) I still get the error below:

Start-Service : Failed to start service 'filebeat (filebeat)'.
At line:1 char:1
+ Start-Service filebeat
+ ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController)
    + FullyQualifiedErrorId : StartServiceFailed,Microsoft.PowerShell.Commands.StartServiceCommand

I ran the command .\filebeat.exe -e once again and this is my output:



{"log.level":"info","@timestamp":"2024-02-15T17:14:17.057Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configure","file.name":"in
stance/beat.go","file.line":811},"message":"Home path: [C:\\Filebeat] Config path: [C:\\Filebeat] Data path: [C:\\Filebeat\\data] Logs path: [C:\\Filebeat\\logs]","servi
ce.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.214Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).loadM
eta","file.name":"instance/beat.go","file.line":902},"message":"Beat metadata path: C:\\Filebeat\\data\\meta.json","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.215Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configure","file.name":"in
stance/beat.go","file.line":819},"message":"Beat ID: 9091b0bc-c35d-495b-afd2-0df9d85cd87a","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.232Z","log.logger":"conditions","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/conditions.NewCondit
ion","file.name":"conditions/conditions.go","file.line":98},"message":"New condition contains: map[]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.233Z","log.logger":"conditions","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/conditions.NewCondit
ion","file.name":"conditions/conditions.go","file.line":98},"message":"New condition !contains: map[]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.234Z","log.logger":"docker","log.origin":{"function":"github.com/elastic/elastic-agent-autodiscover/docker.NewClie
nt","file.name":"docker/client.go","file.line":49},"message":"Docker client will negotiate the API version on the first request.","service.name":"filebeat","ecs.version"
:"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.234Z","log.logger":"add_docker_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/
add_docker_metadata.buildDockerMetadataProcessor","file.name":"add_docker_metadata/add_docker_metadata.go","file.line":89},"message":"add_docker_metadata: docker environ
ment not detected: protocol not available","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.234Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":130},"message":"add_cloud_metadata: starting to fetch meta
data, timeout=3s","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.237Z","log.logger":"kubernetes","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add_kuber
netes_metadata.(*kubernetesAnnotator).init.func1","file.name":"add_kubernetes_metadata/kubernetes.go","file.line":152},"message":"Could not create kubernetes client usin
g in_cluster config: unable to build kube config due to error: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment varia
ble","service.name":"filebeat","libbeat.processor":"add_kubernetes_metadata","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.273Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received disposition f
or huawei after 38.9986ms. result=[provider:huawei, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T17:14:17.375Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received error failed
with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.381Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received disposition f
or hetzner after 147.0002ms. result=[provider:hetzner, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T17:14:17.382Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received error failed
with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.383Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received disposition f
or azure after 149.0009ms. result=[provider:azure, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T17:14:17.384Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received error failed
with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.384Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received disposition f
or digitalocean after 150.0001ms. result=[provider:digitalocean, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T17:14:17.384Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received error failed
with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.391Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received disposition f
or gcp after 156.9984ms. result=[provider:gcp, error=failed with http status code 404, metadata={}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T17:14:17.393Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cloud_metadata: received error failed
with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.515Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cloud_metadata: received disposition f
or openstack after 281.0001ms. result=[provider:openstack, error=<nil>, metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4b7325a712c
cee\",\"name\":\"ip-10-147-119-41.alpsec.ew1.alpha-dev.private.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\",\"service\":{\"name\":\"Nov
a\"}}}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.546Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/a
dd_cloud_metadata.(*addCloudMetadata).fetchMetadata.func1","file.name":"add_cloud_metadata/providers.go","file.line":133},"message":"add_cloud_metadata: fetchMetadata ra
n for 311.9984ms","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.563Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/ad
d_cloud_metadata.(*addCloudMetadata).init.func1","file.name":"add_cloud_metadata/add_cloud_metadata.go","file.line":104},"message":"add_cloud_metadata: hosting provider
type detected as openstack, metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4b7325a712ccee\",\"name\":\"ip-10-147-119-41.alpsec.ew1
.alpha-dev.private.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\",\"service\":{\"name\":\"Nova\"}}}","service.name":"filebeat","ecs.versi
on":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.605Z","log.logger":"processors","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors.New","fil
e.name":"processors/processor.go","file.line":114},"message":"Generated new processors: add_host_metadata=[netinfo.enabled=[true], cache.ttl=[5m0s]], condition=!contains
: map[], add_cloud_metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4b7325a712ccee\",\"name\":\"ip-10-147-119-41.alpsec.ew1.alpha-de
v.private.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\",\"service\":{\"name\":\"Nova\"}}}, add_docker_metadata=[match_fields=[] match_pi
ds=[process.pid, process.parent.pid]], add_kubernetes_metadata","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.612Z","log.logger":"seccomp","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/common/seccomp.loadFilt
er","file.name":"seccomp/seccomp.go","file.line":97},"message":"Syscall filtering is only supported on Linux","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.614Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo"
,"file.name":"instance/beat.go","file.line":1337},"message":"Beat info","service.name":"filebeat","system_info":{"beat":{"path":{"config":"C:\\Filebeat","data":"C:\\File
beat\\data","home":"C:\\Filebeat","logs":"C:\\Filebeat\\logs"},"type":"filebeat","uuid":"9091b0bc-c35d-495b-afd2-0df9d85cd87a"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.615Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo"
,"file.name":"instance/beat.go","file.line":1346},"message":"Build info","service.name":"filebeat","system_info":{"build":{"commit":"c7ec8f634ed6052674762b32fa640087d32f
165f","libbeat":"8.12.1","time":"2024-02-01T12:00:16.000Z","version":"8.12.1"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.634Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo"
,"file.name":"instance/beat.go","file.line":1349},"message":"Go runtime info","service.name":"filebeat","system_info":{"go":{"os":"windows","arch":"amd64","max_procs":1,
"version":"go1.20.12"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.690Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo"
,"file.name":"instance/beat.go","file.line":1355},"message":"Host info","service.name":"filebeat","system_info":{"host":{"architecture":"x86_64","boot_time":"2024-02-14T
14:04:59Z","name":"ec2amaz-n6l6q6q","ip":["10.147.119.41","::1","127.0.0.1"],"kernel_version":"10.0.14393.6611 (rs1_release.231218-1733)","mac":["06:f8:7d:88:81:b7"],"os
":{"type":"windows","family":"windows","platform":"windows","name":"Windows Server 2016 Datacenter","version":"10.0","major":10,"minor":0,"patch":0,"build":"14393.6614"}
,"timezone":"UTC","timezone_offset_sec":0,"id":"556cb70f-336b-45e2-9ac3-ac04379e7ccd"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.695Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo"
,"file.name":"instance/beat.go","file.line":1384},"message":"Process info","service.name":"filebeat","system_info":{"process":{"cwd":"C:\\Filebeat","exe":"C:\\Filebeat\\
filebeat.exe","name":"filebeat.exe","pid":1652,"ppid":5312,"start_time":"2024-02-15T17:14:16.791Z"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.698Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).createBeater","file.name":
"instance/beat.go","file.line":334},"message":"Setup Beat: filebeat; Version: 8.12.1","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.713Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).creat
eBeater","file.name":"instance/beat.go","file.line":362},"message":"Initializing output plugins","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.803Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*
eventConsumer).run","file.name":"pipeline/consumer.go","file.line":110},"message":"start pipeline event consumer","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.808Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.Loa
dWithSettings","file.name":"pipeline/module.go","file.line":105},"message":"Beat name: EC2AMAZ-N6L6Q6Q","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.810Z","log.logger":"modules","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/fileset.newModuleRegist
ry","file.name":"fileset/modules.go","file.line":135},"message":"Enabled modules/filesets: ","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-02-15T17:14:17.811Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).setupPipelineLoaderCallback
","file.name":"beater/filebeat.go","file.line":193},"message":"Filebeat is unable to load the ingest pipelines for the configured modules because the Elasticsearch outpu
t is not configured/enabled. If you have already loaded the ingest pipelines or are using Logstash pipelines, you can ignore this warning.","service.name":"filebeat","ec
s.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.813Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch","file.name":"insta
nce/beat.go","file.line":520},"message":"filebeat start running.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.814Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.isFile","file.n
ame":"registrar/migrate.go","file.line":287},"message":"isFile(C:\\Filebeat\\data\\registry) -> false","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.820Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.isFile","file.n
ame":"registrar/migrate.go","file.line":287},"message":"isFile() -> false","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.821Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.isDir","file.na
me":"registrar/migrate.go","file.line":280},"message":"isDir(C:\\Filebeat\\data\\registry\\filebeat) -> true","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.823Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.isFile","file.n
ame":"registrar/migrate.go","file.line":287},"message":"isFile(C:\\Filebeat\\data\\registry\\filebeat\\meta.json) -> true","service.name":"filebeat","ecs.version":"1.6.0
"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.825Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Migrator
).Run","file.name":"registrar/migrate.go","file.line":82},"message":"Registry type '1' found","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.832Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/statestore/backend/memlog.openStore","file.name
":"memlog/store.go","file.line":134},"message":"Finished loading transaction log file for 'C:\\Filebeat\\data\\registry\\filebeat'. Active transaction id=0","service.nam
e":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.821Z","log.logger":"service","log.origin":{"function":"github.com/elastic/elastic-agent-libs/service.ProcessWindow
sControlEvents","file.name":"service/service_windows.go","file.line":134},"message":"Windows is interactive: true","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.821Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*
queueReader).run","file.name":"pipeline/queue_reader.go","file.line":49},"message":"pipeline event consumer queue reader: start","service.name":"filebeat","ecs.version":
"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.821Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log
.(*reporter).snapshotLoop","file.name":"log/log.go","file.line":145},"message":"Starting metrics logging every 30s","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.844Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/statestore/backend/memlog.openStore","file.name
":"memlog/store.go","file.line":134},"message":"Finished loading transaction log file for 'C:\\Filebeat\\data\\registry\\filebeat'. Active transaction id=0","service.nam
e":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-02-15T17:14:17.847Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).Run","file.name":"beater/fi
lebeat.go","file.line":331},"message":"Filebeat is unable to load the ingest pipelines for the configured modules because the Elasticsearch output is not configured/enab
led. If you have already loaded the ingest pipelines or are using Logstash pipelines, you can ignore this warning.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.848Z","log.logger":"input","log.origin":{"function":"github.com/elastic/beats/v7/x-pack/filebeat/input/shipper.NewI
nputManager","file.name":"shipper/input.go","file.line":55},"message":"creating new InputManager","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.850Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar
).loadStates","file.name":"registrar/registrar.go","file.line":107},"message":"States Loaded from registrar: 0","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.851Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Start
","file.name":"beater/crawler.go","file.line":71},"message":"Loading Inputs: 1","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.861Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).start
Input","file.name":"beater/crawler.go","file.line":117},"message":"starting input, keys present on the config: [filebeat.inputs.0.enabled filebeat.inputs.0.id filebeat.i
nputs.0.paths.0 filebeat.inputs.0.type]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.863Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).start
Input","file.name":"beater/crawler.go","file.line":121},"message":"input disabled, skipping it","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.865Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*Reloader).Che
ck","file.name":"cfgfile/reload.go","file.line":131},"message":"Checking module configs from: C:\\Filebeat/modules.d/*.yml","service.name":"filebeat","ecs.version":"1.6.
0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.867Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.LoadList","file
.name":"cfgfile/cfgfile.go","file.line":204},"message":"Load config from file: C:\\Filebeat\\modules.d\\logstash.yml","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.869Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.LoadList","file
.name":"cfgfile/cfgfile.go","file.line":204},"message":"Load config from file: C:\\Filebeat\\modules.d\\system.yml","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.876Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*Reloader).Che
ck","file.name":"cfgfile/reload.go","file.line":145},"message":"Number of module configs found: 2","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.893Z","log.logger":"modules","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/fileset.newModuleRegist
ry","file.name":"fileset/modules.go","file.line":135},"message":"Enabled modules/filesets: logstash (log)","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.875Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registra
r).Run","file.name":"registrar/registrar.go","file.line":138},"message":"Starting Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.966Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop","file.name":"beater/cr
awler.go","file.line":155},"message":"Stopping Crawler","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.967Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop","file.name":"beater/cr
awler.go","file.line":165},"message":"Stopping 0 inputs","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.969Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*crawler).Stop","file.name":"beater/cr
awler.go","file.line":185},"message":"Crawler stopped","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.973Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar
).Stop","file.name":"registrar/registrar.go","file.line":130},"message":"Stopping Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.975Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar
).Run","file.name":"registrar/registrar.go","file.line":164},"message":"Ending Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T17:14:17.976Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registra
r).Run","file.name":"registrar/registrar.go","file.line":165},"message":"Stopping Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.978Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registrar.(*Registrar
).Stop","file.name":"registrar/registrar.go","file.line":135},"message":"Registrar stopped","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.981Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log
.(*reporter).logTotals","file.name":"log/log.go","file.line":195},"message":"Total metrics","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cpu":{"system":{"
ticks":281,"time":{"ms":281}},"total":{"ticks":437,"time":{"ms":437},"value":437},"user":{"ticks":156,"time":{"ms":156}}},"info":{"ephemeral_id":"8756dc60-3083-4919-ba6d
-990e878033a9","name":"filebeat","uptime":{"ms":1060},"version":"8.12.1"},"memstats":{"gc_next":37791616,"memory_alloc":22288784,"memory_sys":52656408,"memory_total":619
82784,"rss":80969728},"runtime":{"goroutines":16}},"filebeat":{"events":{"active":0,"added":0,"done":0},"harvester":{"closed":0,"open_files":0,"running":0,"skipped":0,"s
tarted":0},"input":{"log":{"files":{"renamed":0,"truncated":0}},"netflow":{"flows":0,"packets":{"dropped":0,"received":0}}}},"libbeat":{"config":{"module":{"running":0,"
starts":0,"stops":0},"reloads":0,"scans":0},"output":{"batches":{"split":0},"events":{"acked":0,"active":0,"batches":0,"dropped":0,"duplicates":0,"failed":0,"toomany":0,
"total":0},"read":{"bytes":0,"errors":0},"type":"logstash","write":{"bytes":0,"errors":0}},"pipeline":{"clients":0,"events":{"active":0,"dropped":0,"failed":0,"filtered"
:0,"published":0,"retry":0,"total":0},"queue":{"acked":0,"max_events":3200}}},"processor":{"add_host_metadata":{"fqdn_lookup_failed":0}},"registrar":{"states":{"cleanup"
:0,"current":0,"update":0},"writes":{"fail":0,"success":0,"total":0}},"system":{"cpu":{"cores":1},"handles":{"open":297}}},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.987Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log
.(*reporter).logTotals","file.name":"log/log.go","file.line":196},"message":"Uptime: 1.0679994s","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.989Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log
.(*reporter).snapshotLoop","file.name":"log/log.go","file.line":163},"message":"Stopping metrics logging.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T17:14:17.995Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch","file.name":"insta
nce/beat.go","file.line":532},"message":"filebeat stopped.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T17:14:18.003Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.handleError","file.name":"instanc
e/beat.go","file.line":1312},"message":"Exiting: Failed to start crawler: creating module reloader failed: could not create module registry for filesets: error getting c
onfig for fileset logstash/log: Error interpreting the template of the input: template: text:3:22: executing \"text\" at <.paths>: range can't iterate over C:\\Filebeat\
\logs\\*","service.name":"filebeat","ecs.version":"1.6.0"}
Exiting: Failed to start crawler: creating module reloader failed: could not create module registry for filesets: error getting config for fileset logstash/log: Error in
terpreting the template of the input: template: text:3:22: executing "text" at <.paths>: range can't iterate over C:\Filebeat\logs\*
PS C:\Filebeat>

Thanks for helping out.

Regards,
Tiziano

That is not how you disable a module

.\filebeat.exe modules disable system

In fact disable the logstash module too.

Then create a simple log.txt file, then set the filestream input in the filebeat.yml to true and set the path.

You are making this harder by enabling modules you don't know how to use? :slight_smile:

Just create a sample log file and then set this filestream to read it.

Or find some log files on your system and point the path to them in the filestream.

1 Like
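
The steps from the reply above as one PowerShell session, added here as an example and not part of the original reply. The sample directory `C:\Filebeat\sample`, the file name `filebeat-minimal.yml` and the console output are assumptions, chosen so the input can be checked without touching the existing `filebeat.yml` or its output settings.

```powershell
# Added example. Run from the Filebeat install directory (C:\Filebeat in this thread).
Set-Location 'C:\Filebeat'

# 1. Disable modules through the CLI rather than by editing modules.d by hand.
#    The earlier run exited on the logstash/log fileset, so disable both modules.
.\filebeat.exe modules disable system logstash
.\filebeat.exe modules list      # both should now be listed under "Disabled:"

# 2. Create a small sample log (constructed content, assumed path).
#    It is kept outside C:\Filebeat\logs, which the startup output reports
#    as Filebeat's own logs path.
$sampleDir = 'C:\Filebeat\sample'
$sampleLog = Join-Path $sampleDir 'log.txt'
New-Item -ItemType Directory -Force -Path $sampleDir | Out-Null
1..5 | ForEach-Object {
    '{0} INFO constructed sample line {1}' -f (Get-Date -Format o), $_
} | Set-Content -Path $sampleLog -Encoding ascii

# 3. Minimal configuration: one enabled filestream input, events to the console.
#    "paths" must be a YAML list. The fatal "range can't iterate over
#    C:\Filebeat\logs\*" in the earlier run is the error a module's var.paths
#    produces when it is given as a single string instead of a list.
$config = @'
filebeat.inputs:
- type: filestream
  id: my-filestream-id
  enabled: true
  paths:
    - C:\Filebeat\sample\log.txt

output.console:
  pretty: true
'@
Set-Content -Path .\filebeat-minimal.yml -Value $config -Encoding ascii

# 4. Validate the configuration first, then run in the foreground.
.\filebeat.exe test config -c filebeat-minimal.yml -e
if ($LASTEXITCODE -ne 0) {
    throw 'filebeat test config failed; fix the YAML before starting Filebeat'
}
.\filebeat.exe -e -c filebeat-minimal.yml
```

Events from `log.txt` print to the console as JSON; once they appear, the same `filebeat.inputs` block can be moved into `filebeat.yml` with the real output.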

Thanks a lot @stephenb
I disabled both system and logstash and, after doing that, I created a file log.txt and moved it into my folder filebeat/logs, and this time I was able to start filebeat :slightly_smiling_face:

However, I ran .\filebeat.exe -e again and I'm still getting some errors:

{"log.level":"info","@timestamp":"2024-02-15T19:10:52.349Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configur
e","file.name":"instance/beat.go","file.line":811},"message":"Home path: [C:\\Filebeat] Config path: [C:\\Filebeat] Data path: [C:\\Filebeat\\data] Log
s path: [C:\\Filebeat\\logs]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:52.535Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/inst
ance.(*Beat).loadMeta","file.name":"instance/beat.go","file.line":902},"message":"Beat metadata path: C:\\Filebeat\\data\\meta.json","service.name":"fi
lebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:52.550Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configur
e","file.name":"instance/beat.go","file.line":819},"message":"Beat ID: 9091b0bc-c35d-495b-afd2-0df9d85cd87a","service.name":"filebeat","ecs.version":"1
.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:52.676Z","log.logger":"conditions","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/co
nditions.NewCondition","file.name":"conditions/conditions.go","file.line":98},"message":"New condition contains: map[]","service.name":"filebeat","ecs.
version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:52.676Z","log.logger":"conditions","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/co
nditions.NewCondition","file.name":"conditions/conditions.go","file.line":98},"message":"New condition !contains: map[]","service.name":"filebeat","ecs
.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:52.676Z","log.logger":"docker","log.origin":{"function":"github.com/elastic/elastic-agent-autodisco
ver/docker.NewClient","file.name":"docker/client.go","file.line":49},"message":"Docker client will negotiate the API version on the first request.","se
rvice.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:52.676Z","log.logger":"add_docker_metadata","log.origin":{"function":"github.com/elastic/beats/v7/l
ibbeat/processors/add_docker_metadata.buildDockerMetadataProcessor","file.name":"add_docker_metadata/add_docker_metadata.go","file.line":89},"message":
"add_docker_metadata: docker environment not detected: protocol not available","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:52.676Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":130},"message":"add_cl
oud_metadata: starting to fetch metadata, timeout=3s","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:52.676Z","log.logger":"kubernetes","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/pr
ocessors/add_kubernetes_metadata.(*kubernetesAnnotator).init.func1","file.name":"add_kubernetes_metadata/kubernetes.go","file.line":152},"message":"Cou
ld not create kubernetes client using in_cluster config: unable to build kube config due to error: invalid configuration: no configuration has been pro
vided, try setting KUBERNETES_MASTER environment variable","service.name":"filebeat","libbeat.processor":"add_kubernetes_metadata","ecs.version":"1.6.0
"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:52.705Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cl
oud_metadata: received disposition for hetzner after 28.1426ms. result=[provider:hetzner, error=failed with http status code 404, metadata={}]","servic
e.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T19:10:52.713Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cl
oud_metadata: received error failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:52.713Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cl
oud_metadata: received disposition for huawei after 36.6888ms. result=[provider:huawei, error=failed with http status code 404, metadata={}]","service.
name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T19:10:52.713Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cl
oud_metadata: received error failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:52.713Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cl
oud_metadata: received disposition for digitalocean after 36.6888ms. result=[provider:digitalocean, error=failed with http status code 404, metadata={}
]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T19:10:52.723Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cl
oud_metadata: received error failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:52.760Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cl
oud_metadata: received disposition for azure after 83.3465ms. result=[provider:azure, error=failed with http status code 404, metadata={}]","service.na
me":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T19:10:52.876Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cl
oud_metadata: received error failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:52.895Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cl
oud_metadata: received disposition for gcp after 218.3473ms. result=[provider:gcp, error=failed with http status code 404, metadata={}]","service.name"
:"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-02-15T19:10:52.912Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":173},"message":"add_cl
oud_metadata: received error failed with http status code 404","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.034Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata","file.name":"add_cloud_metadata/providers.go","file.line":167},"message":"add_cl
oud_metadata: received disposition for openstack after 357.3491ms. result=[provider:openstack, error=<nil>, metadata={\"cloud\":{\"availability_zone\":
\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4b7325a712ccee\",\"name\":\"ip-10-147-119-41.alpsec.ew1.alpha-dev.private.gemalto.com.\"},\"machine\":{\"typ
e\":\"t2.small\"},\"provider\":\"openstack\",\"service\":{\"name\":\"Nova\"}}}]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.050Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/li
bbeat/processors/add_cloud_metadata.(*addCloudMetadata).fetchMetadata.func1","file.name":"add_cloud_metadata/providers.go","file.line":133},"message":"
add_cloud_metadata: fetchMetadata ran for 373.3491ms","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.068Z","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/lib
beat/processors/add_cloud_metadata.(*addCloudMetadata).init.func1","file.name":"add_cloud_metadata/add_cloud_metadata.go","file.line":104},"message":"a
dd_cloud_metadata: hosting provider type detected as openstack, metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4
b7325a712ccee\",\"name\":\"ip-10-147-119-41.alpsec.ew1.alpha-dev.private.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\"
,\"service\":{\"name\":\"Nova\"}}}","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.070Z","log.logger":"processors","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/pr
ocessors.New","file.name":"processors/processor.go","file.line":114},"message":"Generated new processors: add_host_metadata=[netinfo.enabled=[true], ca
che.ttl=[5m0s]], condition=!contains: map[], add_cloud_metadata={\"cloud\":{\"availability_zone\":\"eu-west-1c\",\"instance\":{\"id\":\"i-00a4b7325a712
ccee\",\"name\":\"ip-10-147-119-41.alpsec.ew1.alpha-dev.private.gemalto.com.\"},\"machine\":{\"type\":\"t2.small\"},\"provider\":\"openstack\",\"servic
e\":{\"name\":\"Nova\"}}}, add_docker_metadata=[match_fields=[] match_pids=[process.pid, process.parent.pid]], add_kubernetes_metadata","service.name":
"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.073Z","log.logger":"seccomp","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/commo
n/seccomp.loadFilter","file.name":"seccomp/seccomp.go","file.line":97},"message":"Syscall filtering is only supported on Linux","service.name":"filebea
t","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.075Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/insta
nce.logSystemInfo","file.name":"instance/beat.go","file.line":1337},"message":"Beat info","service.name":"filebeat","system_info":{"beat":{"path":{"con
fig":"C:\\Filebeat","data":"C:\\Filebeat\\data","home":"C:\\Filebeat","logs":"C:\\Filebeat\\logs"},"type":"filebeat","uuid":"9091b0bc-c35d-495b-afd2-0d
f9d85cd87a"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.076Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/insta
nce.logSystemInfo","file.name":"instance/beat.go","file.line":1346},"message":"Build info","service.name":"filebeat","system_info":{"build":{"commit":"
c7ec8f634ed6052674762b32fa640087d32f165f","libbeat":"8.12.1","time":"2024-02-01T12:00:16.000Z","version":"8.12.1"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.086Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/insta
nce.logSystemInfo","file.name":"instance/beat.go","file.line":1349},"message":"Go runtime info","service.name":"filebeat","system_info":{"go":{"os":"wi
ndows","arch":"amd64","max_procs":1,"version":"go1.20.12"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.165Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/insta
nce.logSystemInfo","file.name":"instance/beat.go","file.line":1355},"message":"Host info","service.name":"filebeat","system_info":{"host":{"architectur
e":"x86_64","boot_time":"2024-02-14T14:04:59Z","name":"ec2amaz-n6l6q6q","ip":["10.147.119.41","::1","127.0.0.1"],"kernel_version":"10.0.14393.6611 (rs1
_release.231218-1733)","mac":["06:f8:7d:88:81:b7"],"os":{"type":"windows","family":"windows","platform":"windows","name":"Windows Server 2016 Datacente
r","version":"10.0","major":10,"minor":0,"patch":0,"build":"14393.6614"},"timezone":"UTC","timezone_offset_sec":0,"id":"556cb70f-336b-45e2-9ac3-ac04379
e7ccd"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.176Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/insta
nce.logSystemInfo","file.name":"instance/beat.go","file.line":1384},"message":"Process info","service.name":"filebeat","system_info":{"process":{"cwd":
"C:\\Filebeat","exe":"C:\\Filebeat\\filebeat.exe","name":"filebeat.exe","pid":5760,"ppid":4388,"start_time":"2024-02-15T19:10:51.942Z"},"ecs.version":"
1.6.0"}}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.180Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).createBe
ater","file.name":"instance/beat.go","file.line":334},"message":"Setup Beat: filebeat; Version: 8.12.1","service.name":"filebeat","ecs.version":"1.6.0"
}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.213Z","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/inst
ance.(*Beat).createBeater","file.name":"instance/beat.go","file.line":362},"message":"Initializing output plugins","service.name":"filebeat","ecs.versi
on":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.238Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/pub
lisher/pipeline.(*eventConsumer).run","file.name":"pipeline/consumer.go","file.line":110},"message":"start pipeline event consumer","service.name":"fil
ebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.243Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/publ
isher/pipeline.LoadWithSettings","file.name":"pipeline/module.go","file.line":105},"message":"Beat name: EC2AMAZ-N6L6Q6Q","service.name":"filebeat","ec
s.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.245Z","log.logger":"modules","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/files
et.newModuleRegistry","file.name":"fileset/modules.go","file.line":135},"message":"Enabled modules/filesets: ","service.name":"filebeat","ecs.version":
"1.6.0"}
{"log.level":"warn","@timestamp":"2024-02-15T19:10:53.246Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).setupPipe
lineLoaderCallback","file.name":"beater/filebeat.go","file.line":193},"message":"Filebeat is unable to load the ingest pipelines for the configured mod
ules because the Elasticsearch output is not configured/enabled. If you have already loaded the ingest pipelines or are using Logstash pipelines, you c
an ignore this warning.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.248Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch",
"file.name":"instance/beat.go","file.line":520},"message":"filebeat start running.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.250Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registr
ar.isFile","file.name":"registrar/migrate.go","file.line":287},"message":"isFile(C:\\Filebeat\\data\\registry) -> false","service.name":"filebeat","ecs
.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.260Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registr
ar.isFile","file.name":"registrar/migrate.go","file.line":287},"message":"isFile() -> false","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.291Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registr
ar.isDir","file.name":"registrar/migrate.go","file.line":280},"message":"isDir(C:\\Filebeat\\data\\registry\\filebeat) -> true","service.name":"filebea
t","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.297Z","log.logger":"test","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/registr
ar.isFile","file.name":"registrar/migrate.go","file.line":287},"message":"isFile(C:\\Filebeat\\data\\registry\\filebeat\\meta.json) -> true","service.n
ame":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.318Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/re
gistrar.(*Migrator).Run","file.name":"registrar/migrate.go","file.line":82},"message":"Registry type '1' found","service.name":"filebeat","ecs.version"
:"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.261Z","log.logger":"service","log.origin":{"function":"github.com/elastic/elastic-agent-libs/ser
vice.ProcessWindowsControlEvents","file.name":"service/service_windows.go","file.line":134},"message":"Windows is interactive: true","service.name":"fi
lebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.261Z","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/pub
lisher/pipeline.(*queueReader).run","file.name":"pipeline/queue_reader.go","file.line":49},"message":"pipeline event consumer queue reader: start","ser
vice.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.261Z","log.logger":"monitoring","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/mon
itoring/report/log.(*reporter).snapshotLoop","file.name":"log/log.go","file.line":145},"message":"Starting metrics logging every 30s","service.name":"f
ilebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.409Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/statestore/backend/memlog.ope
nStore","file.name":"memlog/store.go","file.line":134},"message":"Finished loading transaction log file for 'C:\\Filebeat\\data\\registry\\filebeat'. A
ctive transaction id=18","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.419Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/statestore/backend/memlog.ope
nStore","file.name":"memlog/store.go","file.line":134},"message":"Finished loading transaction log file for 'C:\\Filebeat\\data\\registry\\filebeat'. A
ctive transaction id=18","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-02-15T19:10:53.430Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beater.(*Filebeat).Run","fil
e.name":"beater/filebeat.go","file.line":331},"message":"Filebeat is unable to load the ingest pipelines for the configured modules because the Elastic
search output is not configured/enabled. If you have already loaded the ingest pipelines or are using Logstash pipelines, you can ignore this warning."
,"service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.432Z","log.logger":"input","log.origin":{"function":"github.com/elastic/beats/v7/x-pack/filebeat/
input/shipper.NewInputManager","file.name":"shipper/input.go","file.line":55},"message":"creating new InputManager","service.name":"filebeat","ecs.vers
ion":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.434Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/reg
istrar.(*Registrar).loadStates","file.name":"registrar/registrar.go","file.line":107},"message":"States Loaded from registrar: 0","service.name":"fileb
eat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.435Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beate
r.(*crawler).Start","file.name":"beater/crawler.go","file.line":71},"message":"Loading Inputs: 1","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.441Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beate
r.(*crawler).startInput","file.name":"beater/crawler.go","file.line":117},"message":"starting input, keys present on the config: [filebeat.inputs.0.ena
bled filebeat.inputs.0.id filebeat.inputs.0.paths.0 filebeat.inputs.0.type]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.443Z","log.logger":"scanner","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/inpu
t/filestream.(*fileScanner).resolveRecursiveGlobs","file.name":"filestream/fswatch.go","file.line":329},"message":"recursive glob enabled","service.nam
e":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.445Z","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/input/filestream.newProspec
tor","file.name":"filestream/prospector_creator.go","file.line":58},"message":"file identity is set to native","service.name":"filebeat","filestream_id
":"my-filestream-id","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.452Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beate
r.(*crawler).startInput","file.name":"beater/crawler.go","file.line":148},"message":"Starting input (ID: 1227073067052401576)","service.name":"filebeat
","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.454Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfi
le.(*Reloader).Check","file.name":"cfgfile/reload.go","file.line":131},"message":"Checking module configs from: C:\\Filebeat/modules.d/*.yml","service.
name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.456Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfi
le.(*Reloader).Check","file.name":"cfgfile/reload.go","file.line":145},"message":"Number of module configs found: 0","service.name":"filebeat","ecs.ver
sion":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.458Z","log.logger":"crawler","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/beate
r.(*crawler).Start","file.name":"beater/crawler.go","file.line":106},"message":"Loading and starting Inputs completed. Enabled inputs: 1","service.name
":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.458Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/fileb
eat/input/v2/compat.(*runner).Start.func1","file.name":"compat/compat.go","file.line":121},"message":"Input 'filestream' starting","service.name":"file
beat","id":"my-filestream-id","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.469Z","log.logger":"metric_registry","log.origin":{"function":"github.com/elastic/beats/v7/libbea
t/monitoring/inputmon.NewInputRegistry","file.name":"inputmon/input.go","file.line":63},"message":"registering","service.name":"filebeat","input_type":
"filestream","id":"my-filestream-id","key":"my-filestream-id","uuid":"c505850c-1802-4965-98f6-d5d3c3be7f21","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.471Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream.(*fileProspector).Run","file.name":"filestream/prospector.go","file.line":133},"message":"Starting prospector","service.name":"fi
lebeat","id":"my-filestream-id","prospector":"file_prospector","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.472Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*Reloader).Run","fil
e.name":"cfgfile/reload.go","file.line":163},"message":"Config reloader started","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.474Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfi
le.(*Reloader).Run","file.name":"cfgfile/reload.go","file.line":193},"message":"Scan for new config files","service.name":"filebeat","ecs.version":"1.6
.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.480Z","log.logger":"cfgfile","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfi
le.(*Reloader).Run","file.name":"cfgfile/reload.go","file.line":212},"message":"Number of module configs found: 0","service.name":"filebeat","ecs.versi
on":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.481Z","log.logger":"reload","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfil
e.(*RunnerList).Reload","file.name":"cfgfile/list.go","file.line":92},"message":"Starting reload procedure, current runners: 0","service.name":"filebea
t","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.483Z","log.logger":"reload","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfil
e.(*RunnerList).Reload","file.name":"cfgfile/list.go","file.line":110},"message":"Start list: 0, Stop list: 0","service.name":"filebeat","ecs.version":
"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.484Z","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*Reloader).Run","fil
e.name":"cfgfile/reload.go","file.line":223},"message":"Loading of config files completed.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.443Z","log.logger":"registrar","log.origin":{"function":"github.com/elastic/beats/v7/filebeat/re
gistrar.(*Registrar).Run","file.name":"registrar/registrar.go","file.line":138},"message":"Starting Registrar","service.name":"filebeat","ecs.version":
"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.491Z","log.logger":"file_watcher","log.origin":{"function":"github.com/elastic/beats/v7/filebeat
/input/filestream.(*fileWatcher).watch","file.name":"filestream/fswatch.go","file.line":120},"message":"Start next scan","service.name":"filebeat","ecs
.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.499Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream.(*fileProspector).onFSEvent","file.name":"filestream/prospector.go","file.line":179},"message":"A new file c:\\Filebeat\\logs\\fi
lebeat-20240215-4.ndjson has been found","service.name":"filebeat","id":"my-filestream-id","prospector":"file_prospector","operation":"create","source_
name":"native::7733248-386237-3932616615","os_id":"7733248-386237-3932616615","new_path":"c:\\Filebeat\\logs\\filebeat-20240215-4.ndjson","ecs.version"
:"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.505Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream/internal/input-logfile.(*defaultHarvesterGroup).Start","file.name":"input-logfile/harvester.go","file.line":139},"message":"Start
ing harvester for file","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::7733248-386237-393261661
5","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.506Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream.(*fileProspector).onFSEvent","file.name":"filestream/prospector.go","file.line":179},"message":"A new file c:\\Filebeat\\logs\\fi
lebeat-20240215.ndjson has been found","service.name":"filebeat","id":"my-filestream-id","prospector":"file_prospector","operation":"create","source_na
me":"native::8257536-386231-3932616615","os_id":"8257536-386231-3932616615","new_path":"c:\\Filebeat\\logs\\filebeat-20240215.ndjson","ecs.version":"1.
6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.509Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream/internal/input-logfile.(*defaultHarvesterGroup).Start","file.name":"input-logfile/harvester.go","file.line":139},"message":"Start
ing harvester for file","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::8257536-386231-393261661
5","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.540Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream.(*fileProspector).onFSEvent","file.name":"filestream/prospector.go","file.line":179},"message":"A new file c:\\Filebeat\\logs\\fi
lebeat-20240215-1.ndjson has been found","service.name":"filebeat","id":"my-filestream-id","prospector":"file_prospector","operation":"create","source_
name":"native::137297920-103062-3932616615","os_id":"137297920-103062-3932616615","new_path":"c:\\Filebeat\\logs\\filebeat-20240215-1.ndjson","ecs.vers
ion":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.549Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream/internal/input-logfile.(*defaultHarvesterGroup).Start","file.name":"input-logfile/harvester.go","file.line":139},"message":"Start
ing harvester for file","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::137297920-103062-3932616
615","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.556Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream.(*fileProspector).onFSEvent","file.name":"filestream/prospector.go","file.line":179},"message":"A new file c:\\Filebeat\\logs\\fi
lebeat-20240215-5.ndjson has been found","service.name":"filebeat","id":"my-filestream-id","prospector":"file_prospector","operation":"create","source_
name":"native::12386304-325155-3932616615","os_id":"12386304-325155-3932616615","new_path":"c:\\Filebeat\\logs\\filebeat-20240215-5.ndjson","ecs.versio
n":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.582Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream/internal/input-logfile.(*defaultHarvesterGroup).Start","file.name":"input-logfile/harvester.go","file.line":139},"message":"Start
ing harvester for file","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::12386304-325155-39326166
15","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.585Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream.(*fileProspector).onFSEvent","file.name":"filestream/prospector.go","file.line":179},"message":"A new file c:\\Filebeat\\logs\\lo
g.txt.txt has been found","service.name":"filebeat","id":"my-filestream-id","prospector":"file_prospector","operation":"create","source_name":"native::
655360-324051-3932616615","os_id":"655360-324051-3932616615","new_path":"c:\\Filebeat\\logs\\log.txt.txt","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.638Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream/internal/input-logfile.(*defaultHarvesterGroup).Start","file.name":"input-logfile/harvester.go","file.line":139},"message":"Start
ing harvester for file","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::655360-324051-3932616615
","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.584Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream.(*filestream).open","file.name":"filestream/input.go","file.line":183},"message":"newLogFileReader with config.MaxBytes:10485760"
,"service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::8257536-386231-3932616615","path":"c:\\Filebeat
\\logs\\filebeat-20240215.ndjson","state-id":"native::8257536-386231-3932616615","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.555Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream.(*filestream).open","file.name":"filestream/input.go","file.line":183},"message":"newLogFileReader with config.MaxBytes:10485760"
,"service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::7733248-386237-3932616615","path":"c:\\Filebeat
\\logs\\filebeat-20240215-4.ndjson","state-id":"native::7733248-386237-3932616615","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.661Z","log.logger":"input.filestream","log.origin":{"function":"github.com/elastic/beats/v7/file
beat/input/filestream.(*filestream).open","file.name":"filestream/input.go","file.line":183},"message":"newLogFileReader with config.MaxBytes:10485760"
,"service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::137297920-103062-3932616615","path":"c:\\Filebe
at\\logs\\filebeat-20240215-1.ndjson","state-id":"native::137297920-103062-3932616615","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-02-15T19:10:53.669Z","log.logger":"detect_null_bytes","log.origin":{"function":"github.com/elastic/beats/v7/libb
eat/reader/debug.(*Reader).Read","file.name":"debug/debug.go","file.line":95},"message":"Starting debug reader with a buffer size of 16384 and max fail
ures of 100","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.671Z","log.logger":"processors","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/pu
blisher/processing.debugPrintProcessor.func1","file.name":"processing/processors.go","file.line":213},"message":"Publish event: {\n  \"@timestamp\": \"
2024-02-15T19:10:53.671Z\",\n  \"@metadata\": {\n    \"beat\": \"filebeat\",\n    \"type\": \"_doc\",\n    \"version\": \"8.12.1\"\n  },\n  \"agent\":
{\n    \"type\": \"filebeat\",\n    \"version\": \"8.12.1\",\n    \"ephemeral_id\": \"7771f5c0-141a-4e2c-a874-9c23fbbeeee3\",\n    \"id\": \"9091b0bc-c
35d-495b-afd2-0df9d85cd87a\",\n    \"name\": \"EC2AMAZ-N6L6Q6Q\"\n  },\n  \"ecs\": {\n    \"version\": \"8.0.0\"\n  },\n  \"cloud\": {\n    \"availabil
ity_zone\": \"eu-west-1c\",\n    \"service\": {\n      \"name\": \"Nova\"\n    },\n    \"provider\": \"openstack\",\n    \"instance\": {\n      \"id\":
 \"i-00a4b7325a712ccee\",\n      \"name\": \"ip-10-147-119-41.alpsec.ew1.alpha-dev.private.gemalto.com.\"\n    },\n    \"machine\": {\n      \"type\":
\"t2.small\"\n    }\n  },\n  \"log\": {\n    \"offset\": 0,\n    \"file\": {\n      \"idxlo\": \"103062\",\n      \"vol\": \"3932616615\",\n      \"pat
h\": \"c:\\\\Filebeat\\\\logs\\\\filebeat-20240215-1.ndjson\",\n      \"idxhi\": \"137297920\"\n    }\n  },\n  \"message\": \"{\\\"log.level\\\":\\\"in
fo\\\",\\\"@timestamp\\\":\\\"2024-02-15T14:09:56.924Z\\\",\\\"log.origin\\\":{\\\"function\\\":\\\"github.com/elastic/beats/v7/libbeat/cmd/instance.(*
Beat).configure\\\",\\\"file.name\\\":\\\"instance/beat.go\\\",\\\"file.line\\\":811},\\\"message\\\":\\\"Home path: [C:\\\\\\\\Filebeat] Config path:
[C:\\\\\\\\Filebeat] Data path: [C:\\\\\\\\Filebeat\\\\\\\\data] Logs path: [C:\\\\\\\\Filebeat\\\\\\\\logs]\\\",\\\"service.name\\\":\\\"filebeat\\\",
\\\"ecs.version\\\":\\\"1.6.0\\\"}\",\n  \"input\": {\n    \"type\": \"filestream\"\n  },\n  \"host\": {\n    \"name\": \"ec2amaz-n6l6q6q\",\n    \"arc
hitecture\": \"x86_64\",\n    \"os\": {\n      \"family\": \"windows\",\n      \"name\": \"Windows Server 2016 Datacenter\",\n      \"kernel\": \"10.0.
14393.6611 (rs1_release.231218-1733)\",\n      \"build\": \"14393.6614\",\n      \"type\": \"windows\",\n      \"platform\": \"windows\",\n      \"vers
ion\": \"10.0\"\n    },\n    \"id\": \"556cb70f-336b-45e2-9ac3-ac04379e7ccd\",\n    \"ip\": [\n      \"10.147.119.41\"\n    ],\n    \"mac\": [\n      \
"06-F8-7D-88-81-B7\"\n    ],\n    \"hostname\": \"ec2amaz-n6l6q6q\"\n  }\n}","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"debug","@timestamp":"2024-02-15T19:10:53.674Z","log.logger":"processors","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/pu
blisher/processing.debugPrintProcessor.func1","file.name":"processing/processors.go","file.line":213},"message":"Publish event: {\n  \"@timestamp\": \"

Regards,
Tiziano

Don't worry about those cloud metadata errors... otherwise looks good to me... you have debug on and publish, that's why so many logs.

You can comment those out if you want, but it does not matter... if your host was a cloud container it would pick up some metadata.

@stephenb, thanks. One more question for you: for Windows I need to capture system logs and security logs.
Which module should I be using to collect those?

Perhaps
