Filebeat greater than max file size

Hello,

We have an issue with our Filebeat on some servers. I've added the configuration and the logs.
What can I do to solve this issue? I found nothing with Google.

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
filebeat.modules:
- access:
    enabled: true
    var.paths:
    - /var/log/nginx/*-access.log
  error:
    enabled: true
    var.paths:
    - /var/log/nginx/*-error.log
  module: nginx
- auth:
    enabled: true
    var.paths:
    - /var/log/auth.log
  module: system
  syslog:
    enabled: true
    var.paths:
    - /var/log/syslog
- log:
    enabled: true
    var.paths:
    - /var/log/audit/audit.log*
  module: auditd
filebeat.prospectors:
- fields:
    log_type: squid
  paths:
  - /var/log/squid3/*.log
  type: log
- fields:
    log_type: beats
  paths:
  - /var/log/metricbeat/*
  - /var/log/packetbeat/*
  - /var/log/filebeat/*
  - /var/log/auditbeat/*
  - /var/log/heartbeat/*
  type: log
- fields:
    log_type: jira
  paths:
  - /opt/atlassian/jira/atlassian-jira-software-*/logs/catalina.out
  type: log
- fields:
    log_type: nexus
  paths:
  - /opt/sonatype-work/nexus3/log/*.log
  type: log
- fields:
    log_type: stash
  paths:
  - /var/atlassian/application-data/bitbucket/log/*.log
  type: log
- fields:
    log_type: postfix
  paths:
  - /var/log/mail.*
  type: log
- fields:
    log_type: linux
  paths:
  - /var/log/*.log
  type: log
- fields:
    log_type: salt
  paths:
  - /var/log/salt/minion
  - /var/log/salt/master
  type: log
logging.to_files: false
output.elasticsearch:
  hosts:
  - elasticsearch:9200

internalserver01 filebeat[734]: 2018-04-27 08:39:50.108141021 +0200 CEST m=+334618.218729772 write error: data size (16144468 bytes) is greater than the max file size (10485760 bytes)
Apr 27 08:41:01 internalserver01 filebeat[734]: 2018-04-27 08:41:01.679757692 +0200 CEST m=+334689.790346440 write error: data size (19440489 bytes) is greater than the max file size (10485760 bytes)
Apr 27 08:43:31 internalserver01 filebeat[734]: 2018-04-27 08:43:31.154082237 +0200 CEST m=+334839.264671008 write error: data size (16537713 bytes) is greater than the max file size (10485760 bytes)
Apr 27 08:44:23 internalserver01 filebeat[734]: 2018-04-27 08:44:23.82600208 +0200 CEST m=+334891.936590844 write error: data size (13849827 bytes) is greater than the max file size (10485760 bytes)

Setting max_bytes in the Filebeat prospector config solved it.
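
A check for the error lines quoted in the question, added here as an example and not part of the original thread: it parses the `write error: data size ... is greater than the max file size` message and summarises, per host, how often it occurs and the largest write seen. The host name and sample lines are constructed; only the message format is taken from the post.

```python
import re
from collections import namedtuple

# Message format as it appears in the log lines quoted in the post.
WRITE_ERROR = re.compile(
    r"(?P<host>\S+) filebeat\[\d+\]: "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\S* .*?"
    r"write error: data size \((?P<size>\d+) bytes\) is greater than "
    r"the max file size \((?P<limit>\d+) bytes\)"
)

OversizeWrite = namedtuple("OversizeWrite", "host timestamp size limit")

def parse_line(line):
    """Return an OversizeWrite for a matching line, else None."""
    m = WRITE_ERROR.search(line)
    if m is None:
        return None
    return OversizeWrite(m["host"], m["ts"], int(m["size"]), int(m["limit"]))

def summarize(lines):
    """Group oversize-write errors by host: count, largest size, time span."""
    summary = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unrelated log line
        s = summary.setdefault(ev.host, {"count": 0, "largest": 0,
                                         "limit": ev.limit,
                                         "first": ev.timestamp})
        s["count"] += 1
        s["largest"] = max(s["largest"], ev.size)
        s["last"] = ev.timestamp
    return summary

# Constructed sample input (not taken from a real system).
SAMPLE = [
    "Jan 01 10:00:00 host-a filebeat[100]: 2018-01-01 10:00:00.000000001 +0000 UTC "
    "m=+10.000000001 write error: data size (12000000 bytes) is greater than "
    "the max file size (10485760 bytes)",
    "Jan 01 10:00:05 host-a sshd[200]: constructed unrelated line",
    "Jan 01 10:02:30 host-a filebeat[100]: 2018-01-01 10:02:30.5 +0000 UTC "
    "m=+160.5 write error: data size (19000000 bytes) is greater than "
    "the max file size (10485760 bytes)",
]

if __name__ == "__main__":
    for host, s in summarize(SAMPLE).items():
        print(f"{host}: {s['count']} oversize writes between {s['first']} and "
              f"{s['last']}, largest {s['largest']} bytes (limit {s['limit']})")
```
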
