I am trying to send the data to elasticsearch through kibana. But I am not able to view it in kibana. I feel there is a some error in my configuration file or my json format.
My filebeat.yml file is below:
#=========================== Filebeat inputs =============================
filebeat.inputs:
- type: log
enabled: true
paths:
#- /var/log/*.log
- D:\Project\processhacker-master\logs\*.log
- input_type: log
- json.keys_under_root: true
- json.add_error_key: true
Below is my json file:
{"time":"12:39:27 PM 12/17/2018","msg": "Process created: taskhostw.exe (18052) started by svchost.exe (2096)"}
{"time":"12:39:28 PM 12/17/2018","msg":" Process terminated: LogonUI.exe (4280); exit status 0x0"}
{"time":"12:39:28 PM 12/17/2018","msg":" Process terminated: AtBroker.exe (5548); exit status 0x1"}
{"time":"12:39:28 PM 12/17/2018","msg":" Process terminated: WMIC.exe (6704); exit status 0x0"}
{"time":"12:39:28 PM 12/17/2018","msg":"Process terminated: taskhostw.exe (18052); exit status 0x0"}
{"time":"12:39:28 PM 12/17/2018","msg":"Process created: backgroundTaskHost.exe (10248) started by svchost.exe (420)"}
{"time":"12:40:09 PM 12/17/2018","msg":" Process created: smartscreen.exe (16184) started by svchost.exe (420)"}
Filebeat is running, but no data is getting passed through it to elasticsearch.