Hi,
I am trying to integrate the Filebeat osquery module. My osquery is running successfully, and logs are building up at the path /var/log/osquery/osqueryd.results.log
I am passing this path in the Filebeat osquery module.
osquery.yml
- module: osquery
  result:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: ["/var/log/osquery/osqueryd.results.log"]
    # If true, all fields created by this module are prefixed with
    # `osquery.result`. Set to false to copy the fields in the root
    # of the document. The default is true.
    var.use_namespace: true
Can anyone please confirm what the problem is? The same is happening with the system module of Filebeat.