Hi,
Im using ES 5.5.0, LS 5.5.0. Kibana 5.5.0 and Filebeat 5.5.0.
Beat -> LS -> ES
Im instaliing filbeat in windows server 2012 for collecting log.
This is my filebeat config
filebeat.prospectors:
- input_type: log
# Paths that should be crawled and fetched. Glob based paths.
paths:
- E:\Office365\Office365\bin\Debug\log\Audit.SharePoint\*.json
document_type: sharepoint
- input_type: log
# Paths that should be crawled and fetched. Glob based paths.
paths:
- E:\Office365\Office365\bin\Debug\log\Audit.Exchange\*.json
document_type: exchange
- input_type: log
# Paths that should be crawled and fetched. Glob based paths.
paths:
- E:\Office365\Office365\bin\Debug\log\Audit.AzureActiveDirectory\*.json
document_type: azure
- input_type: log
# Paths that should be crawled and fetched. Glob based paths.
paths:
- E:\Office365\Office365\bin\Debug\log\Audit.General\*.json
document_type: azure
#----------------------------- Logstash output --------------------------------
output.logstash:
hosts: ["10.1.6.10:5044","10.1.6.20:5044"]
worker: 2
compression_level: 3
loadbalance: true
index: 'fb-office'
I get log from three folder and have many new file created. ( 100file per 5min; file size from 5-300kb).
When filebeat started, dont have any log (in ES) or connection from server log to LS.
I run filebeat with debug option, dont see any error. Only this log here https://pastebin.com/ABAtE9kx
Thanks, I found my problem.
I try to add some file log nginx and get theme (in server collect log O365) and i saw log is sent to ES.
I think format log is problem. Can't get them. Here is log, that i cant get..
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.