Filebeat input and source files

skyluke.1987 · February 20, 2020, 7:53am

Hi all,

I have been trying to getting data from the local server and also from a remote server within the same network. But how can I make sure data are coming in?

Is there a command to check which are the source files or list the files location ?? Please advise.

harshbajaj16 · February 20, 2020, 11:35am

Hi @skyluke.1987,

In filebeat logs you can check that How many or which file is harvested by filebeat and also, you can get other information as well.

Log Location : /var/log/filebeat/

Br,
Harsh Bajaj

skyluke.1987 · February 21, 2020, 2:14am

Hi thanks for sharing, but my filebeat log file does not tell much and it stop recording after awhile event my filebeat still running normally.

Is there some command that can I use to list down?

Meanwhile can I check did I done the right thing this way :

 filebeat.inputs:
   - type: log
     enabled: true
     paths:
      - /var/ossec/logs/alerts/alerts.json
      - /var/log/nginx/*.json
      - /var/log/syslog
      - ip/var/log/nginx/error.log-*
      - ip/var/log/nginx/access.log-*
      - ip/etc/nginx/logs/*.access
      - ip/etc/nginx/logs/*.error
     scan_frequency: 10s
     json.keys_under_root: true

Currently I notice that my Filebeat is receiving and reading this file " log.file.path /var/log/messages" and when I go to the server and check, it does not provide much info. This could be the reason why my dashboard does not have sufficient data to display those graphs. Please advise how should I configure those logs. Thanks !!

harshbajaj16 · February 24, 2020, 4:47am

Hi @skyluke.1987,

I would suggest you to enable the debug log in filebeat.yml file and restart filebeat service.

set below configuration in filebeat.yml file.
logging.level: debug

Br,
Harsh Bajaj

skyluke.1987 · March 2, 2020, 8:12am

hi yes, I have enabled the debug mode. But when I go to log files, I cant see much details.

now the setting is :
root root filebeat (file permissions)

Is it correct ?

harshbajaj16 · March 9, 2020, 11:03am

Hi @skyluke.1987,

Have you restart the filebeat service after changing the log level ?

I did't understand this. could you please explain a bit more?

Br,
Harsh Bajaj

system · April 6, 2020, 11:03am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Install Filebeat in remote server (Different from log servers) Beats filebeat	2	5784	June 20, 2017
Filebeat, nginx, elastic stack. Code printing out in Filebeat log Beats painless , filebeat , ingest-pipeline	1	227	September 22, 2022
Filebeat 0 inputs loaded Beats filebeat	4	38	October 4, 2024
No logs found for filebeat Beats filebeat	9	717	December 31, 2020
Filebeat harvests system logs even when not specified Beats filebeat	1	489	September 14, 2021

Filebeat input and source files

Related topics