Filebeat only sends logs on service restart

brayndasilva · March 30, 2016, 10:05am

Hi,

A while back I set up my ELK Stack and it's working fine, but I noticed that if I want to check the logs from my Client Server I have to go over there and restart the filebeat service.

Once restarted I can check the Syslogs in Kibana without any issues.

Can I configure it so it continuously or at least every x amount of time it refreshes and sends in the new logs?

This is my filebeat.yml config:

filebeat:
  prospectors:
    -
      paths:
        - /var/log/auth.log
        - /var/log/syslog
      #  - /var/log/*.log

      input_type: log
      
      document_type: syslog

  registry_file: /var/lib/filebeat/registry

output:
  logstash:
    hosts: ["elk_server_private_ip:5044"]
    bulk_max_size: 1024

    tls:
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

shipper:

logging:
  files:
    rotateeverybytes: 10485760 # = 10MB

magnusbaeck · March 30, 2016, 11:26am

Can I configure it so it continuously or at least every x amount of time it refreshes and sends in the new logs?

The normal behavior of both Filebeat and Logstash is to process new data immediately. The behavior you describe isn't event possible to configure. Please check your Filebeat and Logstash logs for clues about what's going on in your case.

Topic		Replies	Views
Filebeat Need Restart To send Logs Beats filebeat	10	3067	October 3, 2016
Needs to restart everytime filebeat in order to send log to logstash Beats filebeat	3	1805	November 10, 2016
Filebeat not sending new logs to ELK server untill restart Beats filebeat	13	3943	September 29, 2016
Filebeat only sends logs on restart Beats filebeat	2	1511	July 5, 2017
Filebeat not reading new logs changes when manually updated one of the logs Beats filebeat	17	7954	July 5, 2017

Filebeat only sends logs on service restart

Related topics