I am not getting any errors in Filebeat, but the logs are not being parsed. Please help me with this. I am new to this.

filebeat logs:


2022-11-02T18:11:20.778+0530	DEBUG	[publisher]	memqueue/ackloop.go:131	ackloop:  done send ack
2022-11-02T18:11:20.778+0530	DEBUG	[registrar]	registrar/registrar.go:263	Processing 1 events
2022-11-02T18:11:20.778+0530	DEBUG	[registrar]	registrar/registrar.go:230	Registrar state updates processed. Count: 1
2022-11-02T18:11:20.778+0530	DEBUG	[registrar]	registrar/registrar.go:205	Registry file updated. 1 active states.
2022-11-02T18:11:21.680+0530	DEBUG	[input.harvester]	log/log.go:111	End of file reached: D:\learning\elk\logstash\testing-logs\testing.log; Backoff now.	{"input_id": "e0e2c2f7-b43c-44cd-8f0a-7cb304fa4ef0", "source": "D:\\learning\\elk\\logstash\\testing-logs\\testing.log", "state_id": "native::15794176-72360-1552814282", "finished": false, "os_id": "15794176-72360-1552814282", "old_source": "D:\\learning\\elk\\logstash\\testing-logs\\testing.log", "old_finished": true, "old_os_id": "15794176-72360-1552814282", "harvester_id": "cd6ce31d-ba14-4195-bb57-24d168a9fe33"}
2022-11-02T18:11:23.673+0530	DEBUG	[reader_multiline]	multiline/pattern.go:170	Multiline event flushed because timeout reached.
2022-11-02T18:11:23.674+0530	DEBUG	[processors]	processing/processors.go:203	Publish event: {
  "@timestamp": "2022-11-02T12:41:18.662Z",
  "@metadata": {
    "beat": "filebeat",
    "type": "_doc",
    "version": "7.17.4"
  },
  "agent": {
    "version": "7.17.4",
    "hostname": "LAPTOP-8PTLOPM4",
    "ephemeral_id": "eea55b0f-7365-449d-8ec0-3904fe8e8384",
    "id": "8b10940d-cbf7-427d-b4a1-b5cfd8c6823d",
    "name": "LAPTOP-8PTLOPM4",
    "type": "filebeat"
  },
  "log": {
    "offset": 864,
    "file": {
      "path": "D:\\learning\\elk\\logstash\\testing-logs\\testing.log"
    },
    "flags": [
      "multiline"
    ]
  },
  "message": "2022-09-13 00:11:53,547  ERROR ",
  "tags": [
    "test"
  ],
  "input": {
    "type": "log"
  },
  "fields": {
    "version": "iis_v1",
    "app_id": "MyBell",
    "env": "iis"
  },
  "ecs": {
    "version": "1.12.0"
  },
  "host": {
    "name": "LAPTOP-8PTLOPM4"
  }
}
2022-11-02T18:11:24.683+0530	DEBUG	[logstash]	logstash/async.go:172	1 events out of 1 events sent to logstash host 127.0.0.1:5044. Continue sending

filebeat.yml:

filebeat.inputs:
- type: log
  #id: my-filestream-id
  enabled: true
  paths:
    - D:\learning\elk\logstash\testing-logs\testing.log
  tags: ["test"]
  multiline.pattern: '^[0-9]{4}-'
  multiline.negate: true
  multiline.match: after
