Jun 12 09:42:14 XXX filebeat[8839]: 2023-06-12T09:42:14.423+0200 INFO [publisher_pipeline_output] map[file.line:139 file.name:pipeline/client_worker.go] Connecting to backoff(async(tcp://loginput-t02.lvm.de:5046))#011{"ecs.version": "1.6.0"}
... but there are no logfiles:
$ ls -alh /var/lib/graylog-sidecar/collectors/filebeat/log
total 0
drwx------ 2 graylog graylog 6 Jun 12 09:41 .
drwxr-xr-x 4 graylog graylog 29 Jun 6 16:48 ..
Two questions:
Can only one log destination be used or should my configuration work?
Is it possible to change filebeats log format for syslog logging to json?
Multiple outputs for a single running instance of filebeat isn't supported. There is a discussion from 2021 here. There is a workaround posted here where you can run 2 filebeats each pointing to a different output. Another alternative would be to use Logstash which does support multiple outputs.
For your second question, what do you mean by:
Have you had a look at the syslog processor to see if that does want you want to do?
I think this is a misunderstanding: I do not want to send the logs to different output. I would like to configure the filebeat to log it's own messages both to files (the deafult) and to syslog.
Do you think this filebeat configuration snippet is valid?
I've been digging through the beats repo as the docs suggest it's one or the other to me. I'm not sure logging to both is valid, but I'm double checking to see if I can get an answer for you.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.