Unfortunately I'm still getting the same error message.
Entire Log output after running filebeat setup
{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.129+0200",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configure",
"file.name":"instance/beat.go",
"file.line":811
},
"message":"Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.129+0200",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configure",
"file.name":"instance/beat.go",
"file.line":819
},
"message":"Beat ID: 1e282e6b-e92c-4556-8455-cfea5f78a61b",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.134+0200",
"log.logger":"beat",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo",
"file.name":"instance/beat.go",
"file.line":1365
},
"message":"Beat info",
"service.name":"filebeat",
"system_info":{
"beat":{
"path":{
"config":"/etc/filebeat",
"data":"/var/lib/filebeat",
"home":"/usr/share/filebeat",
"logs":"/var/log/filebeat"
},
"type":"filebeat",
"uuid":"1e282e6b-e92c-4556-8455-cfea5f78a61b"
},
"ecs.version":"1.6.0"
}
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.134+0200",
"log.logger":"beat",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo",
"file.name":"instance/beat.go",
"file.line":1374
},
"message":"Build info",
"service.name":"filebeat",
"system_info":{
"build":{
"commit":"e9e462d71bdcd33a84d7f51753a116b5d418938f",
"libbeat":"8.13.1",
"time":"2024-03-27T15:39:08.000Z",
"version":"8.13.1"
},
"ecs.version":"1.6.0"
}
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.134+0200",
"log.logger":"beat",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo",
"file.name":"instance/beat.go",
"file.line":1377
},
"message":"Go runtime info",
"service.name":"filebeat",
"system_info":{
"go":{
"os":"linux",
"arch":"amd64",
"max_procs":6,
"version":"go1.21.8"
},
"ecs.version":"1.6.0"
}
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.137+0200",
"log.logger":"beat",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo",
"file.name":"instance/beat.go",
"file.line":1383
},
"message":"Host info",
"service.name":"filebeat",
"system_info":{
"host":{
"architecture":"x86_64",
"boot_time":"2024-04-03T00:51:32+02:00",
"containerized":false,
"name":"bag-trace-suricata",
"ip":[
"127.0.0.1",
"192.168.200.203"
],
"kernel_version":"6.1.0-18-amd64",
"mac":[
"e6:a5:8e:c6:b3:59"
],
"os":{
"type":"linux",
"family":"debian",
"platform":"debian",
"name":"Debian GNU/Linux",
"version":"12 (bookworm)",
"major":12,
"minor":0,
"patch":0,
"codename":"bookworm"
},
"timezone":"CEST",
"timezone_offset_sec":7200,
"id":"6ac20534d9d04d2fa842b346f5c3b099"
},
"ecs.version":"1.6.0"
}
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.138+0200",
"log.logger":"beat",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo",
"file.name":"instance/beat.go",
"file.line":1412
},
"message":"Process info",
"service.name":"filebeat",
"system_info":{
"process":{
"capabilities":{
"inheritable":null,
"permitted":[
"chown",
"dac_override",
"dac_read_search",
"fowner",
"fsetid",
"kill",
"setgid",
"setuid",
"setpcap",
"linux_immutable",
"net_bind_service",
"net_broadcast",
"net_admin",
"net_raw",
"ipc_lock",
"ipc_owner",
"sys_module",
"sys_rawio",
"sys_chroot",
"sys_ptrace",
"sys_pacct",
"sys_admin",
"sys_boot",
"sys_nice",
"sys_resource",
"sys_time",
"sys_tty_config",
"mknod",
"lease",
"audit_write",
"audit_control",
"setfcap",
"mac_override",
"mac_admin",
"syslog",
"wake_alarm",
"block_suspend",
"audit_read",
"perfmon",
"bpf",
"checkpoint_restore"
],
"effective":[
"chown",
"dac_override",
"dac_read_search",
"fowner",
"fsetid",
"kill",
"setgid",
"setuid",
"setpcap",
"linux_immutable",
"net_bind_service",
"net_broadcast",
"net_admin",
"net_raw",
"ipc_lock",
"ipc_owner",
"sys_module",
"sys_rawio",
"sys_chroot",
"sys_ptrace",
"sys_pacct",
"sys_admin",
"sys_boot",
"sys_nice",
"sys_resource",
"sys_time",
"sys_tty_config",
"mknod",
"lease",
"audit_write",
"audit_control",
"setfcap",
"mac_override",
"mac_admin",
"syslog",
"wake_alarm",
"block_suspend",
"audit_read",
"perfmon",
"bpf",
"checkpoint_restore"
],
"bounding":[
"chown",
"dac_override",
"dac_read_search",
"fowner",
"fsetid",
"kill",
"setgid",
"setuid",
"setpcap",
"linux_immutable",
"net_bind_service",
"net_broadcast",
"net_admin",
"net_raw",
"ipc_lock",
"ipc_owner",
"sys_module",
"sys_rawio",
"sys_chroot",
"sys_ptrace",
"sys_pacct",
"sys_admin",
"sys_boot",
"sys_nice",
"sys_resource",
"sys_time",
"sys_tty_config",
"mknod",
"lease",
"audit_write",
"audit_control",
"setfcap",
"mac_override",
"mac_admin",
"syslog",
"wake_alarm",
"block_suspend",
"audit_read",
"perfmon",
"bpf",
"checkpoint_restore"
],
"ambient":null
},
"cwd":"/home/bag",
"exe":"/usr/share/filebeat/bin/filebeat",
"name":"filebeat",
"pid":127059,
"ppid":127058,
"seccomp":{
"mode":"disabled",
"no_new_privs":false
},
"start_time":"2024-04-22T12:08:19.560+0200"
},
"ecs.version":"1.6.0"
}
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.139+0200",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).createBeater",
"file.name":"instance/beat.go",
"file.line":334
},
"message":"Setup Beat: filebeat; Version: 8.13.1",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.146+0200",
"log.logger":"elasticsearch",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.makeES",
"file.name":"elasticsearch/elasticsearch.go",
"file.line":63
},
"message":"Applying performance preset 'balanced': {\n \"bulk_max_size\": 1600,\n \"compression_level\": 1,\n \"idle_connection_timeout\": \"3s\",\n \"queue\": {\n \"mem\": {\n \"events\": 3200,\n \"flush\": {\n \"min_events\": 1600,\n \"timeout\": \"10s\"\n }\n }\n },\n \"worker\": 1\n}",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"warn",
"@timestamp":"2024-04-22T12:08:20.146+0200",
"log.logger":"elasticsearch",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.makeES",
"file.name":"elasticsearch/elasticsearch.go",
"file.line":66
},
"message":"Performance preset 'balanced' overrides user setting for field 'bulk_max_size'",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.146+0200",
"log.logger":"esclientleg",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.NewConnection",
"file.name":"eslegclient/connection.go",
"file.line":122
},
"message":"elasticsearch url: https://127.0.0.1:9200",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"warn",
"@timestamp":"2024-04-22T12:08:20.147+0200",
"log.logger":"tls",
"log.origin":{
"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.(*TLSConfig).ToConfig",
"file.name":"tlscommon/tls_config.go",
"file.line":107
},
"message":"SSL/TLS verifications disabled.",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.147+0200",
"log.logger":"publisher",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.LoadWithSettings",
"file.name":"pipeline/module.go",
"file.line":105
},
"message":"Beat name: bag-trace-suricata",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.149+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.newModuleRegistry",
"file.name":"fileset/modules.go",
"file.line":135
},
"message":"Enabled modules/filesets: system (auth), system (syslog)",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.151+0200",
"log.logger":"esclientleg",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.NewConnection",
"file.name":"eslegclient/connection.go",
"file.line":122
},
"message":"elasticsearch url: https://127.0.0.1:9200",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"warn",
"@timestamp":"2024-04-22T12:08:20.151+0200",
"log.logger":"tls",
"log.origin":{
"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.(*TLSConfig).ToConfig",
"file.name":"tlscommon/tls_config.go",
"file.line":107
},
"message":"SSL/TLS verifications disabled.",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"warn",
"@timestamp":"2024-04-22T12:08:20.151+0200",
"log.logger":"tls",
"log.origin":{
"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.(*TLSConfig).ToConfig",
"file.name":"tlscommon/tls_config.go",
"file.line":107
},
"message":"SSL/TLS verifications disabled.",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.187+0200",
"log.logger":"esclientleg",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).Ping",
"file.name":"eslegclient/connection.go",
"file.line":304
},
"message":"Attempting to connect to Elasticsearch version 8.13.1 (default)",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.190+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.newModuleRegistry",
"file.name":"fileset/modules.go",
"file.line":135
},
"message":"Enabled modules/filesets: elasticsearch (server)",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.191+0200",
"log.logger":"esclientleg",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.NewConnection",
"file.name":"eslegclient/connection.go",
"file.line":122
},
"message":"elasticsearch url: https://127.0.0.1:9200",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"warn",
"@timestamp":"2024-04-22T12:08:20.191+0200",
"log.logger":"tls",
"log.origin":{
"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.(*TLSConfig).ToConfig",
"file.name":"tlscommon/tls_config.go",
"file.line":107
},
"message":"SSL/TLS verifications disabled.",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"warn",
"@timestamp":"2024-04-22T12:08:20.191+0200",
"log.logger":"tls",
"log.origin":{
"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.(*TLSConfig).ToConfig",
"file.name":"tlscommon/tls_config.go",
"file.line":107
},
"message":"SSL/TLS verifications disabled.",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.226+0200",
"log.logger":"esclientleg",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).Ping",
"file.name":"eslegclient/connection.go",
"file.line":304
},
"message":"Attempting to connect to Elasticsearch version 8.13.1 (default)",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.233+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.LoadPipeline",
"file.name":"fileset/pipelines.go",
"file.line":135
},
"message":"Elasticsearch pipeline loaded.",
"service.name":"filebeat",
"pipeline":"filebeat-8.13.1-elasticsearch-server-pipeline",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.234+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.LoadPipeline",
"file.name":"fileset/pipelines.go",
"file.line":135
},
"message":"Elasticsearch pipeline loaded.",
"service.name":"filebeat",
"pipeline":"filebeat-8.13.1-elasticsearch-server-pipeline-plaintext",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.236+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.LoadPipeline",
"file.name":"fileset/pipelines.go",
"file.line":135
},
"message":"Elasticsearch pipeline loaded.",
"service.name":"filebeat",
"pipeline":"filebeat-8.13.1-elasticsearch-server-pipeline-json",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.238+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.LoadPipeline",
"file.name":"fileset/pipelines.go",
"file.line":135
},
"message":"Elasticsearch pipeline loaded.",
"service.name":"filebeat",
"pipeline":"filebeat-8.13.1-elasticsearch-server-pipeline-json-7",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.240+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.LoadPipeline",
"file.name":"fileset/pipelines.go",
"file.line":135
},
"message":"Elasticsearch pipeline loaded.",
"service.name":"filebeat",
"pipeline":"filebeat-8.13.1-elasticsearch-server-pipeline-json-8",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.241+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.newModuleRegistry",
"file.name":"fileset/modules.go",
"file.line":135
},
"message":"Enabled modules/filesets: kibana (log)",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.241+0200",
"log.logger":"esclientleg",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.NewConnection",
"file.name":"eslegclient/connection.go",
"file.line":122
},
"message":"elasticsearch url: https://127.0.0.1:9200",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"warn",
"@timestamp":"2024-04-22T12:08:20.241+0200",
"log.logger":"tls",
"log.origin":{
"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.(*TLSConfig).ToConfig",
"file.name":"tlscommon/tls_config.go",
"file.line":107
},
"message":"SSL/TLS verifications disabled.",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"warn",
"@timestamp":"2024-04-22T12:08:20.241+0200",
"log.logger":"tls",
"log.origin":{
"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.(*TLSConfig).ToConfig",
"file.name":"tlscommon/tls_config.go",
"file.line":107
},
"message":"SSL/TLS verifications disabled.",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.278+0200",
"log.logger":"esclientleg",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).Ping",
"file.name":"eslegclient/connection.go",
"file.line":304
},
"message":"Attempting to connect to Elasticsearch version 8.13.1 (default)",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.285+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.LoadPipeline",
"file.name":"fileset/pipelines.go",
"file.line":135
},
"message":"Elasticsearch pipeline loaded.",
"service.name":"filebeat",
"pipeline":"filebeat-8.13.1-kibana-log-pipeline",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.287+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.LoadPipeline",
"file.name":"fileset/pipelines.go",
"file.line":135
},
"message":"Elasticsearch pipeline loaded.",
"service.name":"filebeat",
"pipeline":"filebeat-8.13.1-kibana-log-pipeline-7",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.289+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.LoadPipeline",
"file.name":"fileset/pipelines.go",
"file.line":135
},
"message":"Elasticsearch pipeline loaded.",
"service.name":"filebeat",
"pipeline":"filebeat-8.13.1-kibana-log-pipeline-ecs",
"ecs.version":"1.6.0"
}{
"log.level":"error",
"@timestamp":"2024-04-22T12:08:20.289+0200",
"log.logger":"load",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*RunnerList).Reload",
"file.name":"cfgfile/list.go",
"file.line":138
},
"message":"Error creating runner from config: error getting filesets for module suricata: open /usr/share/filebeat/module/suricata: no such file or directory",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.291+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.newModuleRegistry",
"file.name":"fileset/modules.go",
"file.line":135
},
"message":"Enabled modules/filesets: system (syslog), system (auth)",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.292+0200",
"log.logger":"esclientleg",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.NewConnection",
"file.name":"eslegclient/connection.go",
"file.line":122
},
"message":"elasticsearch url: https://127.0.0.1:9200",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"warn",
"@timestamp":"2024-04-22T12:08:20.292+0200",
"log.logger":"tls",
"log.origin":{
"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.(*TLSConfig).ToConfig",
"file.name":"tlscommon/tls_config.go",
"file.line":107
},
"message":"SSL/TLS verifications disabled.",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"warn",
"@timestamp":"2024-04-22T12:08:20.293+0200",
"log.logger":"tls",
"log.origin":{
"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.(*TLSConfig).ToConfig",
"file.name":"tlscommon/tls_config.go",
"file.line":107
},
"message":"SSL/TLS verifications disabled.",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.331+0200",
"log.logger":"esclientleg",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).Ping",
"file.name":"eslegclient/connection.go",
"file.line":304
},
"message":"Attempting to connect to Elasticsearch version 8.13.1 (default)",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.335+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.LoadPipeline",
"file.name":"fileset/pipelines.go",
"file.line":135
},
"message":"Elasticsearch pipeline loaded.",
"service.name":"filebeat",
"pipeline":"filebeat-8.13.1-system-syslog-pipeline",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.340+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.LoadPipeline",
"file.name":"fileset/pipelines.go",
"file.line":135
},
"message":"Elasticsearch pipeline loaded.",
"service.name":"filebeat",
"pipeline":"filebeat-8.13.1-system-auth-pipeline",
"ecs.version":"1.6.0"
}{
"log.level":"error",
"@timestamp":"2024-04-22T12:08:20.340+0200",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*Reloader).Load",
"file.name":"cfgfile/reload.go",
"file.line":255
},
"message":"Error loading configuration files: 1 error: Error creating runner from config: error getting filesets for module suricata: open /usr/share/filebeat/module/suricata: no such file or directory",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.340+0200",
"log.logger":"load",
"log.origin":{
"function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*RunnerList).Stop",
"file.name":"cfgfile/list.go",
"file.line":188
},
"message":"Stopping 3 runners ...",
"service.name":"filebeat",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.345+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.LoadPipeline",
"file.name":"fileset/pipelines.go",
"file.line":135
},
"message":"Elasticsearch pipeline loaded.",
"service.name":"filebeat",
"pipeline":"filebeat-8.13.1-system-auth-pipeline",
"ecs.version":"1.6.0"
}{
"log.level":"info",
"@timestamp":"2024-04-22T12:08:20.348+0200",
"log.logger":"modules",
"log.origin":{
"function":"github.com/elastic/beats/v7/filebeat/fileset.LoadPipeline",
"file.name":"fileset/pipelines.go",
"file.line":135
},
"message":"Elasticsearch pipeline loaded.",
"service.name":"filebeat",
"pipeline":"filebeat-8.13.1-system-syslog-pipeline",
"ecs.version":"1.6.0"
}