FIlebeat Output Configuration Error

stephenb · September 9, 2024, 9:33pm

1st good! Looks like it is working...

2nd please ... please... please do no past images of text they are borderline unreadable... please paste the texxgt with 3 Back ticks ``` before an after the code... see I can not cut / paste. debug search the imagezx...

The _cat indices shows you have filebeat with 1.9M Documents...

sorry typo... please run this and paste a couple results... in text

GET filebeat-*/_search <<<< Note _

So You have data doe sure.
Go to Kibana Discover make sure you set the timepicker correctly ... you probably have a time zone issue... so we will set a wide rang past and future...

Kibana -> Discover -> Data View Filebeat

Please see this post it will show you how

ignore all the cloud meta data stuff...
you can fix that with commenting these out it is just trying to get metadata that is not there...

processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
#  - add_cloud_metadata: ~
#  - add_docker_metadata: ~
#  - add_kubernetes_metadata: ~

dfir · September 9, 2024, 9:36pm

when I run that command I get this error:

"error": "Incorrect  HTTP method for url [/filebeat-*/search?pretty=true] and method [GET], allowed: [POST]". 
"status": 405

stephenb · September 9, 2024, 9:38pm

Please always show the command + results... remember we are debugging this over the internet...

you ran

GET /filebeat-*/search
................^. << No _ underscore..

SHould be

GET filebeat-*/_search
...............^

Go to Discover... you have data... Just "widen" the time picker...

dfir · September 9, 2024, 9:42pm

Here are the results.

The @timestamp column should show the time of the event correct? It currently shows the ingest time.
I can widen the time picker and see events but the @timestamp is not showing the times that are in the log file. it is showing the ingest time.

{
  "took": 4,
  "timed_out": false,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 10000,
      "relation": "gte"
    },
    "max_score": 1,
    "hits": [
      {
        "_index": ".ds-filebeat-8.15.1-2024.09.09-000001",
        "_id": "gDug2JEBgF8Y42E8An5m",
        "_score": 1,
        "_source": {
          "@timestamp": "2024-09-09T21:10:40.650Z",
          "ecs": {
            "version": "8.0.0"
          },
          "host": {
            "hostname": "ec2amaz-368u98e",
            "architecture": "x86_64",
            "os": {
              "kernel": "10.0.20348.1249 (WinBuild.160101.0800)",
              "build": "20348.1249",
              "type": "windows",
              "platform": "windows",
              "version": "10.0",
              "family": "windows",
              "name": "Windows Server 2022 Datacenter"
            },
            "id": "44405d94-c710-497b-8476-4d25391fad78",
            "name": "ec2amaz-368u98e",
            "ip": [
              "fe80::ac1e:27e5:ff97:130d",
              "10.194.107.122"
            ],
            "mac": [
              "0E-A3-A8-5B-8E-F5"
            ]
          },
          "agent": {
            "ephemeral_id": "e88da111-97ff-4116-a446-dcf2dda72088",
            "id": "06a10110-6721-4cb9-bb50-5bd7582a5076",
            "name": "EC2AMAZ-368U98E",
            "type": "filebeat",
            "version": "8.15.1"
          },
          "cloud": {
            "service": {
              "name": "EC2"
            },
            "image": {
              "id": "ami-0e6760ea2851c035a"
            },
            "instance": {
              "id": "i-0600759f4d3851ef9"
            },
            "machine": {
              "type": "r5.4xlarge"
            },
            "region": "us-east-1",
            "availability_zone": "us-east-1b",
            "account": {
              "id": "606565331724"
            },
            "provider": "aws"
          },
          "log": {
            "offset": 192220192,
            "file": {
              "vol": "383979469",
              "path": """D:\01-evidence\ABZ3542\logs\auth.log""",
              "idxhi": "441057280",
              "idxlo": "17849"
            }
          },
          "message": "Jul 14 01:55:00 Director1 sshd[23412]: reprocess config line 31: Deprecated option RSAAuthentication",
          "input": {
            "type": "filestream"
          }
        }
      },
      {
        "_index": ".ds-filebeat-8.15.1-2024.09.09-000001",
        "_id": "gTug2JEBgF8Y42E8An5m",
        "_score": 1,
        "_source": {
          "@timestamp": "2024-09-09T21:10:40.706Z",
          "log": {
            "offset": 192220293,
            "file": {
              "path": """D:\01-evidence\ABZ3542\logs\auth.log""",
              "idxhi": "441057280",
              "idxlo": "17849",
              "vol": "383979469"
            }
          },
          "message": "Jul 14 01:55:00 Director1 sshd[23412]: reprocess config line 38: Deprecated option RhostsRSAAuthentication",
          "input": {
            "type": "filestream"
          },
          "ecs": {
            "version": "8.0.0"
          },
          "host": {
            "mac": [
              "0E-A3-A8-5B-8E-F5"
            ],
            "name": "ec2amaz-368u98e",
            "hostname": "ec2amaz-368u98e",
            "architecture": "x86_64",
            "os": {
              "kernel": "10.0.20348.1249 (WinBuild.160101.0800)",
              "build": "20348.1249",
              "type": "windows",
              "platform": "windows",
              "version": "10.0",
              "family": "windows",
              "name": "Windows Server 2022 Datacenter"
            },
            "id": "44405d94-c710-497b-8476-4d25391fad78",
            "ip": [
              "fe80::ac1e:27e5:ff97:130d",
              "10.194.107.122"
            ]
          },
          "agent": {
            "version": "8.15.1",
            "ephemeral_id": "e88da111-97ff-4116-a446-dcf2dda72088",
            "id": "06a10110-6721-4cb9-bb50-5bd7582a5076",
            "name": "EC2AMAZ-368U98E",
            "type": "filebeat"
          },
          "cloud": {
            "machine": {
              "type": "r5.4xlarge"
            },
            "region": "us-east-1",
            "availability_zone": "us-east-1b",
            "account": {
              "id": "606565331724"
            },
            "provider": "aws",
            "service": {
              "name": "EC2"
            },
            "image": {
              "id": "ami-0e6760ea2851c035a"
            },
            "instance": {
              "id": "i-0600759f4d3851ef9"
            }
          }
        }
      },
      {
        "_index": ".ds-filebeat-8.15.1-2024.09.09-000001",
        "_id": "gjug2JEBgF8Y42E8An5m",
        "_score": 1,
        "_source": {
          "@timestamp": "2024-09-09T21:10:40.706Z",
          "log": {
            "offset": 192220400,
            "file": {
              "idxlo": "17849",
              "vol": "383979469",
              "path": """D:\01-evidence\ABZ3542\logs\auth.log""",
              "idxhi": "441057280"
            }
          },
          "message": "Jul 14 01:55:00 Director1 sshd[23412]: Accepted publickey for vnmshauser from 208.69.233.70 port 50254 ssh2: RSA SHA256:kTgnJC4nBLaz7W7nAmIeHaCVdbbfRtQbBc/IgFRMQCM",
          "input": {
            "type": "filestream"
          },
          "ecs": {
            "version": "8.0.0"
          },
          "host": {
            "id": "44405d94-c710-497b-8476-4d25391fad78",
            "ip": [
              "fe80::ac1e:27e5:ff97:130d",
              "10.194.107.122"
            ],
            "name": "ec2amaz-368u98e",
            "mac": [
              "0E-A3-A8-5B-8E-F5"
            ],
            "hostname": "ec2amaz-368u98e",
            "architecture": "x86_64",
            "os": {
              "platform": "windows",
              "version": "10.0",
              "family": "windows",
              "name": "Windows Server 2022 Datacenter",
              "kernel": "10.0.20348.1249 (WinBuild.160101.0800)",
              "build": "20348.1249",
              "type": "windows"
            }
          },
          "agent": {
            "version": "8.15.1",
            "ephemeral_id": "e88da111-97ff-4116-a446-dcf2dda72088",
            "id": "06a10110-6721-4cb9-bb50-5bd7582a5076",
            "name": "EC2AMAZ-368U98E",
            "type": "filebeat"
          },
          "cloud": {
            "service": {
              "name": "EC2"
            },
            "image": {
              "id": "ami-0e6760ea2851c035a"
            },
            "instance": {
              "id": "i-0600759f4d3851ef9"
            },
            "machine": {
              "type": "r5.4xlarge"
            },
            "region": "us-east-1",
            "availability_zone": "us-east-1b",
            "account": {
              "id": "606565331724"
            },
            "provider": "aws"
          }
        }
      },
      {
        "_index": ".ds-filebeat-8.15.1-2024.09.09-000001",
        "_id": "gzug2JEBgF8Y42E8An5m",
        "_score": 1,
        "_source": {
          "@timestamp": "2024-09-09T21:10:40.706Z",
          "cloud": {
            "image": {
              "id": "ami-0e6760ea2851c035a"
            },
            "instance": {
              "id": "i-0600759f4d3851ef9"
            },
            "machine": {
              "type": "r5.4xlarge"
            },
            "region": "us-east-1",
            "availability_zone": "us-east-1b",
            "account": {
              "id": "606565331724"
            },
            "provider": "aws",
            "service": {
              "name": "EC2"
            }
          },
          "log": {
            "offset": 192220564,
            "file": {
              "idxlo": "17849",
              "vol": "383979469",
              "path": """D:\01-evidence\ABZ3542\logs\auth.log""",
              "idxhi": "441057280"
            }
          },
          "message": "Jul 14 01:55:00 Director1 sshd[23412]: pam_unix(sshd:session): session opened for user vnmshauser by (uid=0)",
          "input": {
            "type": "filestream"
          },
          "ecs": {
            "version": "8.0.0"
          },
          "host": {
            "os": {
              "kernel": "10.0.20348.1249 (WinBuild.160101.0800)",
              "build": "20348.1249",
              "type": "windows",
              "platform": "windows",
              "version": "10.0",
              "family": "windows",
              "name": "Windows Server 2022 Datacenter"
            },
            "id": "44405d94-c710-497b-8476-4d25391fad78",
            "ip": [
              "fe80::ac1e:27e5:ff97:130d",
              "10.194.107.122"
            ],
            "mac": [
              "0E-A3-A8-5B-8E-F5"
            ],
            "name": "ec2amaz-368u98e",
            "hostname": "ec2amaz-368u98e",
            "architecture": "x86_64"
          },
          "agent": {
            "version": "8.15.1",
            "ephemeral_id": "e88da111-97ff-4116-a446-dcf2dda72088",
            "id": "06a10110-6721-4cb9-bb50-5bd7582a5076",
            "name": "EC2AMAZ-368U98E",
            "type": "filebeat"
          }
        }
      },
      {
        "_index": ".ds-filebeat-8.15.1-2024.09.09-000001",
        "_id": "hDug2JEBgF8Y42E8An5m",
        "_score": 1,
        "_source": {
          "@timestamp": "2024-09-09T21:10:40.706Z",
          "log": {
            "file": {
              "vol": "383979469",
              "path": """D:\01-evidence\ABZ3542\logs\auth.log""",
              "idxhi": "441057280",
              "idxlo": "17849"
            },
            "offset": 192220673
          },
          "message": "Jul 14 01:55:00 Director1 systemd-logind[1566]: New session 308567 of user vnmshauser.",
          "input": {
            "type": "filestream"
          },
          "ecs": {
            "version": "8.0.0"
          },
          "host": {
            "name": "ec2amaz-368u98e",
            "id": "44405d94-c710-497b-8476-4d25391fad78",
            "ip": [
              "fe80::ac1e:27e5:ff97:130d",
              "10.194.107.122"
            ],
            "mac": [
              "0E-A3-A8-5B-8E-F5"
            ],
            "hostname": "ec2amaz-368u98e",
            "architecture": "x86_64",
            "os": {
              "name": "Windows Server 2022 Datacenter",
              "kernel": "10.0.20348.1249 (WinBuild.160101.0800)",
              "build": "20348.1249",
              "type": "windows",
              "platform": "windows",
              "version": "10.0",
              "family": "windows"
            }
          },
          "agent": {
            "type": "filebeat",
            "version": "8.15.1",
            "ephemeral_id": "e88da111-97ff-4116-a446-dcf2dda72088",
            "id": "06a10110-6721-4cb9-bb50-5bd7582a5076",
            "name": "EC2AMAZ-368U98E"
          },
          "cloud": {
            "provider": "aws",
            "service": {
              "name": "EC2"
            },
            "image": {
              "id": "ami-0e6760ea2851c035a"
            },
            "instance": {
              "id": "i-0600759f4d3851ef9"
            },
            "machine": {
              "type": "r5.4xlarge"
            },
            "region": "us-east-1",
            "availability_zone": "us-east-1b",
            "account": {
              "id": "606565331724"
            }
          }
        }
      },
      {
        "_index": ".ds-filebeat-8.15.1-2024.09.09-000001",
        "_id": "hTug2JEBgF8Y42E8An5m",
        "_score": 1,
        "_source": {
          "@timestamp": "2024-09-09T21:10:40.706Z",
          "ecs": {
            "version": "8.0.0"
          },
          "host": {
            "architecture": "x86_64",
            "os": {
              "version": "10.0",
              "family": "windows",
              "name": "Windows Server 2022 Datacenter",
              "kernel": "10.0.20348.1249 (WinBuild.160101.0800)",
              "build": "20348.1249",
              "type": "windows",
              "platform": "windows"
            },
            "id": "44405d94-c710-497b-8476-4d25391fad78",
            "ip": [
              "fe80::ac1e:27e5:ff97:130d",
              "10.194.107.122"
            ],
            "mac": [
              "0E-A3-A8-5B-8E-F5"
            ],
            "name": "ec2amaz-368u98e",
            "hostname": "ec2amaz-368u98e"
          },
          "agent": {
            "ephemeral_id": "e88da111-97ff-4116-a446-dcf2dda72088",
            "id": "06a10110-6721-4cb9-bb50-5bd7582a5076",
            "name": "EC2AMAZ-368U98E",
            "type": "filebeat",
            "version": "8.15.1"
          },
          "cloud": {
            "machine": {
              "type": "r5.4xlarge"
            },
            "region": "us-east-1",
            "availability_zone": "us-east-1b",
            "account": {
              "id": "606565331724"
            },
            "provider": "aws",
            "service": {
              "name": "EC2"
            },
            "image": {
              "id": "ami-0e6760ea2851c035a"
            },
            "instance": {
              "id": "i-0600759f4d3851ef9"
            }
          },
          "log": {
            "offset": 192220760,
            "file": {
              "path": """D:\01-evidence\ABZ3542\logs\auth.log""",
              "idxhi": "441057280",
              "idxlo": "17849",
              "vol": "383979469"
            }
          },
          "message": "Jul 14 01:55:00 Director1 systemd: pam_unix(systemd-user:session): session opened for user vnmshauser by (uid=0)",
          "input": {
            "type": "filestream"
          }
        }
      },
      {
        "_index": ".ds-filebeat-8.15.1-2024.09.09-000001",
        "_id": "hjug2JEBgF8Y42E8An5m",
        "_score": 1,
        "_source": {
          "@timestamp": "2024-09-09T21:10:40.706Z",
          "host": {
            "name": "ec2amaz-368u98e",
            "id": "44405d94-c710-497b-8476-4d25391fad78",
            "ip": [
              "fe80::ac1e:27e5:ff97:130d",
              "10.194.107.122"
            ],
            "mac": [
              "0E-A3-A8-5B-8E-F5"
            ],
            "hostname": "ec2amaz-368u98e",
            "architecture": "x86_64",
            "os": {
              "kernel": "10.0.20348.1249 (WinBuild.160101.0800)",
              "build": "20348.1249",
              "type": "windows",
              "platform": "windows",
              "version": "10.0",
              "family": "windows",
              "name": "Windows Server 2022 Datacenter"
            }
          },
          "agent": {
            "name": "EC2AMAZ-368U98E",
            "type": "filebeat",
            "version": "8.15.1",
            "ephemeral_id": "e88da111-97ff-4116-a446-dcf2dda72088",
            "id": "06a10110-6721-4cb9-bb50-5bd7582a5076"
          },
          "ecs": {
            "version": "8.0.0"
          },
          "cloud": {
            "service": {
              "name": "EC2"
            },
            "image": {
              "id": "ami-0e6760ea2851c035a"
            },
            "instance": {
              "id": "i-0600759f4d3851ef9"
            },
            "machine": {
              "type": "r5.4xlarge"
            },
            "region": "us-east-1",
            "availability_zone": "us-east-1b",
            "account": {
              "id": "606565331724"
            },
            "provider": "aws"
          },
          "log": {
            "file": {
              "path": """D:\01-evidence\ABZ3542\logs\auth.log""",
              "idxhi": "441057280",
              "idxlo": "17849",
              "vol": "383979469"
            },
            "offset": 192220873
          },
          "message": "Jul 14 01:55:01 Director1 CRON[23432]: pam_unix(cron:session): session opened for user root by (uid=0)",
          "input": {
            "type": "filestream"
          }
        }
      },
      {
        "_index": ".ds-filebeat-8.15.1-2024.09.09-000001",
        "_id": "hzug2JEBgF8Y42E8An5m",
        "_score": 1,
        "_source": {
          "@timestamp": "2024-09-09T21:10:40.706Z",
          "log": {
            "offset": 192220976,
            "file": {
              "vol": "383979469",
              "path": """D:\01-evidence\ABZ3542\logs\auth.log""",
              "idxhi": "441057280",
              "idxlo": "17849"
            }
          },
          "message": "Jul 14 01:55:01 Director1 CRON[23433]: pam_unix(cron:session): session opened for user root by (uid=0)",
          "input": {
            "type": "filestream"
          },
          "agent": {
            "name": "EC2AMAZ-368U98E",
            "type": "filebeat",
            "version": "8.15.1",
            "ephemeral_id": "e88da111-97ff-4116-a446-dcf2dda72088",
            "id": "06a10110-6721-4cb9-bb50-5bd7582a5076"
          },
          "ecs": {
            "version": "8.0.0"
          },
          "host": {
            "hostname": "ec2amaz-368u98e",
            "architecture": "x86_64",
            "name": "ec2amaz-368u98e",
            "os": {
              "platform": "windows",
              "version": "10.0",
              "family": "windows",
              "name": "Windows Server 2022 Datacenter",
              "kernel": "10.0.20348.1249 (WinBuild.160101.0800)",
              "build": "20348.1249",
              "type": "windows"
            },
            "id": "44405d94-c710-497b-8476-4d25391fad78",
            "ip": [
              "fe80::ac1e:27e5:ff97:130d",
              "10.194.107.122"
            ],
            "mac": [
              "0E-A3-A8-5B-8E-F5"
            ]
          },
          "cloud": {
            "instance": {
              "id": "i-0600759f4d3851ef9"
            },
            "machine": {
              "type": "r5.4xlarge"
            },
            "region": "us-east-1",
            "availability_zone": "us-east-1b",
            "account": {
              "id": "606565331724"
            },
            "provider": "aws",
            "service": {
              "name": "EC2"
            },
            "image": {
              "id": "ami-0e6760ea2851c035a"
            }
          }
        }
      },
      {
        "_index": ".ds-filebeat-8.15.1-2024.09.09-000001",
        "_id": "iDug2JEBgF8Y42E8An5m",
        "_score": 1,
        "_source": {
          "@timestamp": "2024-09-09T21:10:40.706Z",
          "cloud": {
            "account": {
              "id": "606565331724"
            },
            "provider": "aws",
            "service": {
              "name": "EC2"
            },
            "image": {
              "id": "ami-0e6760ea2851c035a"
            },
            "instance": {
              "id": "i-0600759f4d3851ef9"
            },
            "machine": {
              "type": "r5.4xlarge"
            },
            "region": "us-east-1",
            "availability_zone": "us-east-1b"
          },
          "log": {
            "offset": 192221079,
            "file": {
              "idxlo": "17849",
              "vol": "383979469",
              "path": """D:\01-evidence\ABZ3542\logs\auth.log""",
              "idxhi": "441057280"
            }
          },
          "message": "Jul 14 01:55:01 Director1 CRON[23433]: pam_unix(cron:session): session closed for user root",
          "input": {
            "type": "filestream"
          },
          "agent": {
            "ephemeral_id": "e88da111-97ff-4116-a446-dcf2dda72088",
            "id": "06a10110-6721-4cb9-bb50-5bd7582a5076",
            "name": "EC2AMAZ-368U98E",
            "type": "filebeat",
            "version": "8.15.1"
          },
          "ecs": {
            "version": "8.0.0"
          },
          "host": {
            "name": "ec2amaz-368u98e",
            "hostname": "ec2amaz-368u98e",
            "architecture": "x86_64",
            "os": {
              "family": "windows",
              "name": "Windows Server 2022 Datacenter",
              "kernel": "10.0.20348.1249 (WinBuild.160101.0800)",
              "build": "20348.1249",
              "type": "windows",
              "platform": "windows",
              "version": "10.0"
            },
            "id": "44405d94-c710-497b-8476-4d25391fad78",
            "ip": [
              "fe80::ac1e:27e5:ff97:130d",
              "10.194.107.122"
            ],
            "mac": [
              "0E-A3-A8-5B-8E-F5"
            ]
          }
        }
      },
      {
        "_index": ".ds-filebeat-8.15.1-2024.09.09-000001",
        "_id": "iTug2JEBgF8Y42E8An5m",
        "_score": 1,
        "_source": {
          "@timestamp": "2024-09-09T21:10:40.706Z",
          "log": {
            "offset": 192221171,
            "file": {
              "vol": "383979469",
              "path": """D:\01-evidence\ABZ3542\logs\auth.log""",
              "idxhi": "441057280",
              "idxlo": "17849"
            }
          },
          "message": "Jul 14 01:55:01 Director1 CRON[23432]: pam_unix(cron:session): session closed for user root",
          "input": {
            "type": "filestream"
          },
          "ecs": {
            "version": "8.0.0"
          },
          "host": {
            "ip": [
              "fe80::ac1e:27e5:ff97:130d",
              "10.194.107.122"
            ],
            "mac": [
              "0E-A3-A8-5B-8E-F5"
            ],
            "hostname": "ec2amaz-368u98e",
            "name": "ec2amaz-368u98e",
            "architecture": "x86_64",
            "os": {
              "type": "windows",
              "platform": "windows",
              "version": "10.0",
              "family": "windows",
              "name": "Windows Server 2022 Datacenter",
              "kernel": "10.0.20348.1249 (WinBuild.160101.0800)",
              "build": "20348.1249"
            },
            "id": "44405d94-c710-497b-8476-4d25391fad78"
          },
          "agent": {
            "type": "filebeat",
            "version": "8.15.1",
            "ephemeral_id": "e88da111-97ff-4116-a446-dcf2dda72088",
            "id": "06a10110-6721-4cb9-bb50-5bd7582a5076",
            "name": "EC2AMAZ-368U98E"
          },
          "cloud": {
            "machine": {
              "type": "r5.4xlarge"
            },
            "region": "us-east-1",
            "availability_zone": "us-east-1b",
            "account": {
              "id": "606565331724"
            },
            "provider": "aws",
            "service": {
              "name": "EC2"
            }, 
            "image": {
              "id": "ami-0e6760ea2851c035a"
            },
            "instance": {
              "id": "i-0600759f4d3851ef9"
            }
          }
        }
      }
    ]
  }
}

stephenb · September 9, 2024, 10:03pm

OK now we are getting there...

So no... because we just used the common filestream it does not know it is syslog etc so it does not know how to parse......

We did this to minimize variables because of the issues...

Now we will use the system module now to properly parse...

So now we will fix that...

Disable the filestream in filebeat.yml

- type: filestream

  # Unique ID among all inputs, an ID is required.
  id: my-filestream-id

  # Change to true to enable this input configuration.
  enabled: false <<<< HERE

Then let's clean up...

In Kibana Stack Management -> Data Stream
Delete the filebeat-8.15.1 datastream
Clean up the Filebeat registry so it will re-read the files, to do this, delete the contents of the data directory where you installed filebeat
Enable system module

PS > .\filebeat.exe modules enable system

edit modules.d/system.yml not sure if those are system or audit logs... edit the correct one, I assume you know which they are... Put in the single quotes

- module: system
  # Syslog
  syslog:
    enabled: true <<< HERE

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths: ['D:\01-evidence\ABZ3542\logs\*']

run setup

PS > .\filebeat.exe setup -e

run filebeat

PS > .\filebeat.exe -e

In the end... this is basically the quickstart...

Go look at your data

dfir · September 9, 2024, 10:25pm

Outstanding. This works now. Thanks for your patience and persistence. I appreciate it. Now the fun begins.

stephenb · September 9, 2024, 10:51pm

And now you've learned a lot and you can apply it going forward!

Topic		Replies	Views
Exiting: no outputs are defined, please define one under the output section Beats filebeat	12	2632	December 22, 2022
Foilebeat IIS Module Config Kibana	5	200	November 20, 2023
Hi i'm having trouble with this filebeat.yml configuration Beats filebeat	2	644	November 27, 2017
Filebeat : Exiting: No outputs are defined. Please define one under the output section Beats filebeat	1	3492	May 5, 2021
Can't send logs from filebeats to logstash Beats filebeat	5	4204	September 21, 2019

FIlebeat Output Configuration Error

Related topics