Filebeat input and source files

Hi all,

I have been trying to getting data from the local server and also from a remote server within the same network. But how can I make sure data are coming in?

Is there a command to check which are the source files or list the files location ?? Please advise.

Hi @skyluke.1987,

In filebeat logs you can check that How many or which file is harvested by filebeat and also, you can get other information as well.

Log Location : /var/log/filebeat/

Harsh Bajaj

Hi thanks for sharing, but my filebeat log file does not tell much and it stop recording after awhile event my filebeat still running normally.

Is there some command that can I use to list down?

Meanwhile can I check did I done the right thing this way :

   - type: log
     enabled: true
      - /var/ossec/logs/alerts/alerts.json
      - /var/log/nginx/*.json
      - /var/log/syslog
      - ip/var/log/nginx/error.log-*
      - ip/var/log/nginx/access.log-*
      - ip/etc/nginx/logs/*.access
      - ip/etc/nginx/logs/*.error
     scan_frequency: 10s
     json.keys_under_root: true

Currently I notice that my Filebeat is receiving and reading this file " log.file.path /var/log/messages" and when I go to the server and check, it does not provide much info. This could be the reason why my dashboard does not have sufficient data to display those graphs. Please advise how should I configure those logs. Thanks !!

Hi @skyluke.1987,

I would suggest you to enable the debug log in filebeat.yml file and restart filebeat service.

set below configuration in filebeat.yml file.
logging.level: debug

Harsh Bajaj

hi yes, I have enabled the debug mode. But when I go to log files, I cant see much details.

now the setting is :
root root filebeat (file permissions)

Is it correct ?

Hi @skyluke.1987,

Have you restart the filebeat service after changing the log level ?

I did't understand this. could you please explain a bit more?

Harsh Bajaj

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.