Fitebeat 6.3.1 system module issue

Elastic Stack Beats
18

Alright, lets try one more thing.

  1. Run curl -XDELETE "http://localhost:9200/_ingest/pipeline/filebeat-*"

  2. Edit your filebeat.yml and add: filebeat.overwrite_pipelines: true

  3. Start up filebeat

  4. In your filebeat logs, check if you have two lines like these:

    2018-07-25T13:29:18.570-0700    INFO    fileset/pipelines.go:62 Elasticsearch pipeline with ID 'filebeat-6.3.1-system-auth-pipeline' loaded
2018-07-25T13:29:18.591-0700    INFO    fileset/pipelines.go:62 Elasticsearch pipeline with ID 'filebeat-6.3.1-system-syslog-pipeline' loaded

  5. Run curl -XGET "http://localhost:9200/_ingest/pipeline/file*syslog*" and post it's response here.