Filebeat tags not reflected in kibana

Chop · February 7, 2020, 4:29pm

hi, i have been working with kibana and forwarding logs with filebeat.
right now i have a situation where 2 servers are getting a different tag than the one i supplied.

Filebeat configuration:

max_procs: 1

filebeat.prospectors:

input_type: log
paths:

/opt/apache-tomcat/logs/*.log

/opt/apache-tomcat/logs//.log
exclude_files:

/opt/apache-tomcat/logs/localhost_access_log.*.txt

/opt/apache-tomcat/logs/localhost.*.log

/opt/apache-tomcat/logs/catalina.*.log
tags: ["xt_ppc", "abc"]
ignore_older: 24h
multiline.pattern: '[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2},[0-9]{3}'
multiline.negate: true
multiline.match: after

input_type: log
paths:

/opt/apache-tomcat/logs/*.log
exclude_files:

/opt/apache-tomcat/logs/localhost_access_log.*.txt

/opt/apache-tomcat/logs/localhost..*.log

/opt/apache-tomcat/logs/catalina.*.log
tags: ["xt_ppc", "abc"]
ignore_older: 24h
multiline.pattern: '^MSI POOR'
multiline.negate: true
multiline.match: after

output.redis:
hosts: ["someserver.com:6379"]
key: "xt"
timeout: 30

I think the issue started when i started the filebeat service with out the multi-pattern.
now after i fixed and restart the service the issue remain, it didnt fix it for new logs.

it seemed that filebeat forwared a .gz file instead of a log not sure why but it did:

ęo�$>�A��~�f�o�fGXL��|��#Y�}l�5h�w\҅4h�/�^��w>\��wF�Έ�ǈ�l��a��}�Մ�[��r'G�jȓո]a��
m7��sauY��^Z,��9'+wWי]%A|��:F#l��N�ݬa)�-�ĭ��j �s�b��0�-��j�G� w��1[�IЕ��Iu?8��6h��~n;�!�>��v��å�ta�I<��Ћl�W4L�R�q0�I�>�2ޥCRm[e��sB��L*O7T��mqW�t�B�[��!�Y��0&g`�6}��m�0��K&�Ι��g,%��?�e>y"�2��8�{��O;�&��+�Ά�U0��^�=��!��gJ|��B^�`.�&�E=ԟtO��f�}��+�v�<�sn<��x�eQ��`�� 1

DId i corrupt my index? should i delete it?
if yes, will the index get auto regenerated?

how can i fix this?

system · March 6, 2020, 4:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.