January 19, 2016, 5:38am
I set up Elasticsearch in our lab. In filebeat.yml I have given the following configuration:
# The Logstash hosts
hosts: [" .. .:5044"]
Even though scan_frequency: 10s is set, Filebeat is not monitoring files.
It just adds the files the very first time, when it sees that a new file path is given.
Could anyone help me to sort it out?
Please post full logs, i.e. start Filebeat with -v -d "*". (-v is superfluous when -d is specified but it won't hurt.)
January 19, 2016, 7:32am
Hi Magnus, please find below the lines that are in my Filebeat.yml file.
hosts: ["ip_add:5044"] // here output as Logstash
This is the total file; that means all the remaining lines have # in front of them.
The file is added; I can discover it through Kibana.
But later changes in the files are not monitored by Filebeat.
I asked for logs, not your configuration (although it's good to have the full configuration, but please make sure you format it as code since YAML is indentation-sensitive and this forum strips leading whitespace).
January 19, 2016, 10:55am
Why have you configured both Elasticsearch and Logstash output? Is this on purpose?
January 20, 2016, 5:28am
Hi Magnus, I would like to monitor syslog, and I didn't find syslog, so I gave the path like,
In that folder all the below log files are there. The problem is that even though scan_frequency is 10s, it is not monitoring.
anaconda.log, audit, boot.log, btmp, cron, cups, dmesg, dracut.log, gdm, httpd, kern, maillog, mcelog, messages, mysqld.log, pm-powersave.log, sa-update.log, secure, spooler, tallylog, up2date, wtmp, Xorg.0.log, yum.log
January 20, 2016, 5:41am
There is no purpose for putting the output as both Elasticsearch and Logstash. I accidentally forgot to comment one out.