Filebeat only sends logs on service restart

brayndasilva · March 30, 2016, 10:05am

Hi,

A while back I set up my ELK Stack and it's working fine, but I noticed that if I want to check the logs from my Client Server I have to go over there and restart the filebeat service.

Once restarted I can check the Syslogs in Kibana without any issues.

Can I configure it so it continuously or at least every x amount of time it refreshes and sends in the new logs?

This is my filebeat.yml config:

filebeat:
  prospectors:
    -
      paths:
        - /var/log/auth.log
        - /var/log/syslog
      #  - /var/log/*.log

      input_type: log
      
      document_type: syslog

  registry_file: /var/lib/filebeat/registry

output:
  logstash:
    hosts: ["elk_server_private_ip:5044"]
    bulk_max_size: 1024

    tls:
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

shipper:

logging:
  files:
    rotateeverybytes: 10485760 # = 10MB

magnusbaeck · March 30, 2016, 11:26am

Can I configure it so it continuously or at least every x amount of time it refreshes and sends in the new logs?

The normal behavior of both Filebeat and Logstash is to process new data immediately. The behavior you describe isn't event possible to configure. Please check your Filebeat and Logstash logs for clues about what's going on in your case.

Topic		Replies	Views
Filebeat not sending new logs to ELK server untill restart Beats filebeat	13	3849	September 29, 2016
Filebeat only sends logs on restart Beats filebeat	2	1480	July 5, 2017
Filebeat has to be restarted to send logs to elasticsearch Beats filebeat	8	1827	June 24, 2017
Filebeat service doesn't send log Beats filebeat	11	3067	April 6, 2020
Logs generated while logstash stopped weren't collected after restart Logstash	6	2103	July 10, 2017

Filebeat only sends logs on service restart

Related topics