Hi,
I'm running ELK 8.12.1 on Ubuntu 22.04 LTS.
I am trying to rename a fileset (I don't know if this is possible).
What I found on the net was this:
/etc/filebeat/modules.d/suricata.yml:
- module: suricata
  eve:
    enabled: false
    var.paths: ["/var/log/suricata/eve.json"]
  test:
    enabled: true
    var.paths: ["/var/log/suricata/eve.json"]
I disabled the old fileset (eve) and tried to enable a fileset with another name: test.
Then I did:
filebeat setup --pipelines -e
I got this error:
...
{"log.level":"error","@timestamp":"2024-03-15T17:40:14.332+0100","log.logger":"load","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cfgfile.(*RunnerList).Reload","file.name":"cfgfile/list.go","file.line":138},"message":"Error creating runner from config: fileset suricata/test is configured but doesn't exist","service.name":"filebeat","ecs.version":"1.6.0"}
Thanks for any help.
Bernd