Hi,
I am testing the filebeat app and I have encountered that, after a while reading a syslog file, it stops reading. I suspect it is something related to the type of log: it is configured to rotate once a day at 10 AM, but when it starts reading the file, it stops around 12 o'clock. I have checked the logs of filebeat and they don't show any errors. Here is my filebeat configuration:
filebeat.prospectors:
- input_type: log
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /data/rsyslog/*
  close_inactive: 48h

output.elasticsearch:
  # Array of hosts to connect to.
  enabled: true
  hosts: ["localhost:9200"]
  index: "proxybg-%{+yyyy.MM.dd}"
  # Optional ingest node pipeline. By default no pipeline will be used.
  pipeline: "proxybg"
  # The number of times a particular Elasticsearch index operation is attempted. If
  # the indexing operation doesn't succeed after this many retries, the events are
  # dropped. The default is 3.
  max_retries: 3
  # Template name. By default the template name is filebeat.
  template.name: "proxybg-*"
  # Path to template file
  template.path: "${path.config}/proxybg.template.json"
  # Overwrite existing template
  template.overwrite: true
filebeat version 5.4.
Elasticsearch version 5.4
Am I missing something?
Regards,
Jonathan