Filebeat not using configured path on Windows

kpaulsenegain · January 24, 2017, 5:59pm

For this configuration:

###################### Filebeat Configuration Example #########################

# This file is an example configuration file highlighting only the most common
# options. The filebeat.full.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
#
# You can find the full configuration reference here:
# https://www.elastic.co/guide/en/beats/filebeat/index.html

#=========================== Filebeat prospectors =============================

filebeat.prospectors:

# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.

- input_type: log

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    #- /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*
    - d:\workspace\Indexers\tempIIS\*

When I start filebeat with this command

filebeat -c filebeat.yml -v -d "*"

this is what I get:

2017-01-24T09:51:45-08:00 INFO Metrics logging every 30s 2017-01-24T09:51:45-08:00 INFO Home path: [C:\Program Files\Filebeat] Config path: [C:\Program Files\Filebeat] Data path: [C:\Program Files\Filebeat\data] Logs path: [C:\Program Files\Filebeat\logs] 2017-01-24T09:51:45-08:00 INFO Setup Beat: filebeat; Version: 5.1.2 2017-01-24T09:51:45-08:00 DBG Processors: 2017-01-24T09:51:45-08:00 DBG Initializing output plugins 2017-01-24T09:51:45-08:00 INFO Loading template enabled. Reading template file: C:\Program Files\Filebeat\filebeat.template.json 2017-01-24T09:51:45-08:00 INFO Loading template enabled for Elasticsearch 2.x. Reading template file: C:\Program Files\Filebeat\filebeat.template-es2x.json 2017-01-24T09:51:45-08:00 INFO Elasticsearch url: http://localhost:9200 2017-01-24T09:51:45-08:00 INFO Activated elasticsearch as output plugin. 2017-01-24T09:51:45-08:00 DBG Create output worker 2017-01-24T09:51:45-08:00 DBG No output is defined to store the topology. The server fields might not be filled. 2017-01-24T09:51:45-08:00 INFO Publisher name: SAVCORP360 2017-01-24T09:51:45-08:00 INFO Flush Interval set to: 1s 2017-01-24T09:51:45-08:00 INFO Max Bulk Size set to: 50 2017-01-24T09:51:45-08:00 DBG create bulk processing worker (interval=1s, bulk size=50) 2017-01-24T09:51:45-08:00 INFO filebeat start running. 2017-01-24T09:51:45-08:00 DBG Windows is interactive: true 2017-01-24T09:51:45-08:00 INFO Registry file set to: C:\Program Files\Filebeat\data\registry 2017-01-24T09:51:45-08:00 INFO Loading registrar data from C:\Program Files\Filebeat\data\registry 2017-01-24T09:51:45-08:00 INFO States Loaded from registrar: 0 2017-01-24T09:51:45-08:00 INFO Loading Prospectors: 1 2017-01-24T09:51:45-08:00 INFO Starting Registrar 2017-01-24T09:51:45-08:00 INFO Start sending events to output 2017-01-24T09:51:45-08:00 INFO Starting spooler: spool_size: 2048; idle_timeout: 5s 2017-01-24T09:51:45-08:00 DBG exclude_files: [] 2017-01-24T09:51:45-08:00 INFO Prospector with previous states loaded: 0 2017-01-24T09:51:45-08:00 DBG File Configs: [/var/log/*.log] 2017-01-24T09:51:45-08:00 INFO Loading Prospectors completed. Number of prospectors: 1 2017-01-24T09:51:45-08:00 INFO All prospectors are initialised and running with 0 states to persist 2017-01-24T09:51:45-08:00 DBG Starting prospector 0 2017-01-24T09:51:45-08:00 INFO Starting prospector of type: log 2017-01-24T09:51:45-08:00 DBG Start next scan

Why is the File Configs: [var/log/*.log]?
How to I identify that once the system is started the prospector is looking at the correct configured path?

This is on a Window server.

kpaulsenegain · January 24, 2017, 6:41pm

When I moved the directory from not being in Program Files and put it in another directory that seems to have corrected it

kpaulsenegain · January 24, 2017, 6:44pm

So I'm confused on how to get this configured based on the documentation when I configure as a service it puts registry stuff in a Hidden directory ProgramsData and when I run it command line it puts it in the home directory under data and I was not able to get it working running as a service but will play around with that later

ruflin · January 25, 2017, 12:40pm

You can configure the location of the registry file with filebeat.registry_file:. It depends on what the path.* variables are set to.

Make sure you point to the correct config file when running filebeat.

system · February 22, 2017, 12:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat on windows Beats filebeat	2	2806	April 17, 2018
ERROR instance/beat Exiting: Error in initing prospector: No paths were defined for prospector accessing config Beats filebeat	10	3988	May 11, 2018
No paths were defined for prospector accessing config Beats filebeat	7	3927	January 31, 2018
Filebeat not dumping logs Beats filebeat	4	1571	December 7, 2017
Filebeat configuration with output elasticsearch Issue Beats filebeat	3	480	March 18, 2019

Filebeat not using configured path on Windows

Related topics