Hello.
We were using the ELK stack with Filebeat prospector input configured, running everything on 6.3.1. Everything was working as expected. A week ago, upgraded ES, LS, and Kibana to 6.4.0 but left Filebeat on 6.3.1 (by accident, actually), and everything was still running fine afterward. Yesterday, I upgraded Filebeat to 6.4.0, moved over my config file and all my prospector files. Did what I needed to do to upgrade run as service (on windows 10 machine), restarted everything, and now it just ingests absolutely everything regardless of whether you have that particular prospector enabled or not.
Example
From filebeat.yml file:
filebeat.config.inputs:
enabled: true
path: C:\Elastic\Filebeat\6.4.0\config***.yml
reload.enabled: true
reload.period: 10s
beginning of prospector file:
- type: log
enabled: false
paths:- C:\Elastic....
ignore _older: 1209600
.................................more stuff..................
<
So the line above in the prospector file of "enabled: false" - it seems to just be ignoring that line altogether as of 6.4.0.
- C:\Elastic....
Thoughts?