Filebeat tags not reflected in kibana

hi, i have been working with kibana and forwarding logs with filebeat.
right now i have a situation where 2 servers are getting a different tag than the one i supplied.

Filebeat configuration:

max_procs: 1

filebeat.prospectors:

• input_type: log
  paths:

  • /opt/apache-tomcat/logs/*.log
  • /opt/apache-tomcat/logs//.log
    exclude_files:
  • /opt/apache-tomcat/logs/localhost_access_log.*.txt
  • /opt/apache-tomcat/logs/localhost.*.log
  • /opt/apache-tomcat/logs/catalina.*.log
    tags: ["xt_ppc", "abc"]
    ignore_older: 24h
    multiline.pattern: '[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2},[0-9]{3}'
    multiline.negate: true
    multiline.match: after

• input_type: log
  paths:

  • /opt/apache-tomcat/logs/*.log
    exclude_files:
  • /opt/apache-tomcat/logs/localhost_access_log.*.txt
  • /opt/apache-tomcat/logs/localhost..*.log
  • /opt/apache-tomcat/logs/catalina.*.log
    tags: ["xt_ppc", "abc"]
    ignore_older: 24h
    multiline.pattern: '^MSI POOR'
    multiline.negate: true
    multiline.match: after

output.redis:
hosts: ["someserver.com:6379"]
key: "xt"
timeout: 30

I think the issue started when i started the filebeat service with out the multi-pattern.
now after i fixed and restart the service the issue remain, it didnt fix it for new logs.

it seemed that filebeat forwared a .gz file instead of a log not sure why but it did:

ęo�$>�A���~�f�o�fGXL��|����#Y�}l�5h�w\҅4h�/�^�����w>\���wF�Έ�Lj�l��a��}�Մ�[��r'G�jȓո]a�������
m7�����sauY��^Z,��œ9'+wWי]%A|��:F#l����N�ݬa)�-�ĭ������j �s�b����0�-��j�G� w���1[�IЕ��Iu?8��6h���~n;�!�>���v����å�ta�I<���Ћl�W4L�R�q0�I�>�2ޥCRm[e��sB��L*O7T��mqW�t�B�[���!�Y�
�0&g`�6}�
�m�0��K&�Ι���g,%��������?�e>y"�2���8�{�����O;�&�����+�Ά�U0�����^�=��!��gJ|��B^�`.�&�E=ԟtO��f�}����+�v�<�sn<����x�eQ������`�� �1

DId i corrupt my index? should i delete it?
if yes, will the index get auto regenerated?

how can i fix this?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.