Hi All,

I have installed filebeat on few servers but somehow logs are not getting created tried reinstalling the filebeat didn't worked. For previously configured servers index are getting created on daily basis Please find below details:

Filebeat.yml

• type: filestream

  Unique ID among all inputs, an ID is required.

  id: hostname

  Change to true to enable this input configuration.

  enabled: true

  Paths that should be crawled and fetched. Glob based paths.

  paths:

  • /pathtolog/.log
    #- c:\programdata\elasticsearch\logs*
    exclude_lines: [ "^-$", "^$" ]

======================= Elasticsearch template setting =======================

setup.template.name: "SB-APP"
setup.template.pattern: "SB-APP-*"
setup.ilm.enabled: false
setup.template.overwrite: true
setup.template.enabled: false
setup.template.settings:
index.number_of_shards: 1

---------------------------- Elasticsearch Output ----------------------------

output.elasticsearch:

Array of hosts to connect to.

hosts: ["ip:9200"]
index: "SB-APP-%{+yyyy.MM}"

$ sudo /usr/share/filebeat/bin/filebeat test config -c /etc/filebeat/filebeat.yml
Config OK

Elasticsearch xpack security is disabled

$ sudo filebeat test output
elasticsearch: ip:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: ip
dial up... OK
TLS... WARN secure connection disabled
talk to server... OK
version: 8.7.0

filebeat version
filebeat version 8.6.2 (amd64), libbeat 8.6.2 [9b77c2c135c228c2eedc310f6e975bb1a76169b1 built 2023-02-12 04:37:19 +0000 UTC]

Wondering is there any limit to servers to be setup for filebeat. Whenever I try to configure filebeat on any new server taking reference of working config its not able to create new index. Please advise if someone has an idea

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.