Hi,
I have a Filebeat with a custom index for Cisco logs.
Here is my filebeat.yaml config:
```yaml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*
  scan_frequency: 6s

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
  #reload.period: 10s

setup.template.settings:
  index.number_of_shards: 1

setup.kibana:
  host: "kibana:5601"

output.elasticsearch:
  hosts: ["node-1:9200"]
  indices:
    - index: "cisco-beat-%{+yyyy.MM}"
      when.contains:
        event.module: "cisco"
  protocol: "https"
  ssl.certificate: "/etc/filebeat/filebeat/filebeat.crt"
  ssl.key: "/etc/filebeat/filebeat/filebeat.key"
  ssl.certificate_authorities:
    - /etc/filebeat/ca/ca.crt
  username: "elastic"
  password: "***********"
  pipeline: geoip-info

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
```
But every day around 4:10 A.M. the Cisco logs stop coming to Elasticsearch. Other modules are working fine.
When I restart Filebeat, the Cisco module starts working again.
Here are my Filebeat logs around that time. These logs keep repeating nonstop until I restart Filebeat. Any idea why?