I just started learning the ELK stack. I'm trying to send logs from a log file via Filebeat directly to Elastic. Each row in the log file is a JSON. The filebeat.yml file is shown below. I'm running all these services using Docker on a Windows 11 machine. I've been trying to fix this for hours but couldn't find the root cause. I didn't see any errors in the Filebeat Docker container but when Kibana.
After spending several hours trying to make it work, I finally understood (I think) that Filebeat needs to be run as a Docker container only when you want to retrieve logs from other Docker containers running on the same machine. My goal is to ingest logs from a non-Docker application running on a Windows machine, so this setup wouldn't work.
I've installed the Windows version of Filebeat directly with a slightly different YAML config. I managed to see a few logs (finally!). The caveat though is that I only see 115 logs (out of 1800). I don't understand why the other logs are missing. There is only one file in the folder (log.json) that holds all the 1800 records.
I'm running the following two steps after updating the YAML file.
Step 1) Set up the assets using the command ".\filebeat.exe setup -e"
Step 2) Start the Filebeat service using the command "Start-Service filebeat"
Each row in the log file is a JSON. Any help in resolving the issue is much appreciated. Thanks!