Filebeat ignore harvest JSON file

Marek_Pastier · January 22, 2019, 6:52am

Hi guys
My configuration for Filebeat ver 6.5 ignore harvesting json log file. My actual configuration /etc/filebeat/filebeat.yml

filebeat.inputs:

type: log
json.keys_under_root: true
json.add_error_key: true
paths:

/var/log/eset.log

example some lines from json files

{"event_type":"Threat_Event","ipv4":"10.195.21.253"}
{"event_type":"Threat_Event","ipv4":"10.195.21.253"}

shrikantgulia · January 22, 2019, 10:31am

Hello @Marek_Pastier,
try to use this

filebeat.prospectors:

input_type: log
paths:
- /home/rdave/Downloads/*.json
  fields:
  service_id: *
  fields_under_root: true
  output.logstash:
  hosts: ['localhost:5044']

Marek_Pastier · January 23, 2019, 7:26am

thank you for proposal. But is not working for me. I change filebeat configuration next.

filebeat.inputs:

filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /var/log/eset.log
  json.keys_under_root: true
  json.add_error_key: true

Now is working. Here is seeting from logstash folder.
cd /etc/logstash/conf.d/
ls -l
02-beats-input.conf
10-syslog-filter.conf
15-eset-filter.conf
30-elasticsearch-output.conf

cat 15-eset-filter.conf

input {
beats {
port => "5044"
host => "localhost"
}
}
filter {
json {
source => "message"
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
}
}

system · February 20, 2019, 7:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Issue with Json? Beats filebeat	4	443	November 17, 2018
Problem with JSON logs Beats filebeat	3	561	March 9, 2019
Json data logging has strange behaviour Beats filebeat	1	244	October 22, 2019
Filebeat 5.4.2 not processing JSON file Beats	3	693	July 15, 2017
How to filter log level with json in filebeat Beats filebeat	2	4017	January 15, 2018

Filebeat ignore harvest JSON file

Related topics