Filebeat input and source files

Elastic Stack Beats
1

Hi all,

I have been trying to getting data from the local server and also from a remote server within the same network. But how can I make sure data are coming in?

Is there a command to check which are the source files or list the files location ?? Please advise.

2

Hi @skyluke.1987,

In filebeat logs you can check that How many or which file is harvested by filebeat and also, you can get other information as well.

Log Location : /var/log/filebeat/

Br,
Harsh Bajaj

3

Hi thanks for sharing, but my filebeat log file does not tell much and it stop recording after awhile event my filebeat still running normally.

Is there some command that can I use to list down?

Meanwhile can I check did I done the right thing this way :

 filebeat.inputs:
   - type: log
     enabled: true
     paths:
      - /var/ossec/logs/alerts/alerts.json
      - /var/log/nginx/*.json
      - /var/log/syslog
      - ip/var/log/nginx/error.log-*
      - ip/var/log/nginx/access.log-*
      - ip/etc/nginx/logs/*.access
      - ip/etc/nginx/logs/*.error
     scan_frequency: 10s
     json.keys_under_root: true

Currently I notice that my Filebeat is receiving and reading this file " log.file.path /var/log/messages" and when I go to the server and check, it does not provide much info. This could be the reason why my dashboard does not have sufficient data to display those graphs. Please advise how should I configure those logs. Thanks !!

4

Hi @skyluke.1987,

I would suggest you to enable the debug log in filebeat.yml file and restart filebeat service.

set below configuration in filebeat.yml file.
logging.level: debug

Br,
Harsh Bajaj

5

hi yes, I have enabled the debug mode. But when I go to log files, I cant see much details.

now the setting is :
root root filebeat (file permissions)

Is it correct ?

6

Hi @skyluke.1987,

Have you restart the filebeat service after changing the log level ?

I did't understand this. could you please explain a bit more?

Br,
Harsh Bajaj