Hi,

I am testing the filebeat app and I have encounter that after a while reading a syslog file it stops reading, I suspect is something related to the type of log, it is configured to rotate once a day at 10 AM, but when start reading the file it stops around 12 o'clock, I have checked the logs of filebeat and don't show any errors, here is my filebeat configuration:

filebeat.prospectors:

• input_type: log

Paths that should be crawled and fetched. Glob based paths.

paths:
- /data/rsyslog/*
close_inactive: 48h
output.elasticsearch:

Array of hosts to connect to.

enabled: true
hosts: ["localhost:9200"]
index: "proxybg-%{+yyyy.MM.dd}"

Optional ingest node pipeline. By default no pipeline will be used.

pipeline: "proxybg"

The number of times a particular Elasticsearch index operation is attempted. If

the indexing operation doesn't succeed after this many retries, the events are

dropped. The default is 3.

max_retries: 3

Template name. By default the template name is filebeat.

template.name: "proxybg-*"

Path to template file

template.path: "${path.config}/proxybg.template.json"

Overwrite existing template

template.overwrite: true

filebeat version 5.4.
Elasticsearch version 5.4

I am missing something?

Regards,

Jonathan

Could you share your filebeat log file? Perhaps you can enable debug level for the logs to see more details. Is your data directory a shared volume?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.