Filebeat not picking up OSQUERY LOGS

Vansh_Kumar_Madan · September 20, 2020, 7:21pm

Hi,

I am trying to intergate filbeat osquey module, my osquery is running successfully, and logs are building up at path /var/log/osquery/osqueryd.results.log

I am passing this path in filebeat osquery module

osquery.yml


- module: osquery
  result:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: ["/var/log/osquery/osqueryd.results.log"]

    # If true, all fields created by this module are prefixed with
    # `osquery.result`. Set to false to copy the fields in the root
    # of the document. The default is true.
    var.use_namespace: true

please anyone can confirm what is the problem, same happening with system module of filebeat

system · October 18, 2020, 7:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Osquery snapshot Beats filebeat	3	582	April 24, 2018
Osquery module logs not prefixed with osquery.result Beats filebeat	2	392	September 25, 2018
Osquery Module issue Beats filebeat	3	341	June 10, 2019
Filebeat 7.2's osquery module not respecting var.use_namespace: false Beats filebeat	2	354	August 22, 2019
Filebeat shared folder Beats filebeat	4	366	April 5, 2023

Filebeat not picking up OSQUERY LOGS

Related topics