Hi
I'm using ELK Stack 8.3.
I have a problem with the Tomcat integration, version 1.5.0.
I collect logs from a file, but Elastic Agent doesn't send any data from the Tomcat log. I don't use Fleet.
Logs from the same agent for /var/log/syslog or /var/log/messages work fine.
How can I debug what is wrong?
I have attached the elastic-agent.yml file:
# Identifier and revision of this agent configuration as posted (presumably
# the agent policy id; it is partially redacted in the post).
id: 4ce6c1d0-xxxx-11ed-bd95-xxxxxxxxx
revision: 2
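# Where the agent ships events. Indentation was lost in the post and is
# restored here; every key and value is kept as posted.
outputs:
  default:
    type: elasticsearch
    hosts:
      - 'https://x.y.z.a:9200'
    # Trusts the cluster's CA by certificate fingerprint (hex-encoded SHA-256
    # of the CA certificate). The value is redacted in the post.
    ssl.ca_trusted_fingerprint: xxxxxxxxxxxxxxxxxxxxxxxxx
    # Redacted in the post. In the real file these are plaintext basic-auth
    # credentials: keep elastic-agent.yml readable only by the account that
    # runs the agent, and prefer a dedicated least-privilege user or API key
    # over a superuser account.
    username: '{xxxx}'
    password: '{xxxx}'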
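# Index privileges each policy section needs on the "default" output.
# Indentation was lost in the post and is restored here; keys and values are
# kept as posted.
# NOTE(review): the agent runs standalone (no Fleet), so presumably the
# credentials configured under outputs.default must hold these privileges
# themselves. Confirm that user can auto_configure / create_doc on
# logs-tomcat.log-default, not only on the system data streams.
output_permissions:
  default:
    _elastic_agent_monitoring:
      indices: []
    _elastic_agent_checks:
      cluster:
        - monitor
    # System integration data streams.
    a198937d-xxxx-4a61-b544-xxxxxxxxxx:
      indices:
        - names:
            - logs-system.auth-default
          # Anchor defined once here and aliased by every entry below, so all
          # data streams get the same write-only privilege pair.
          privileges: &ref_0
            - auto_configure
            - create_doc
        - names:
            - logs-system.syslog-default
          privileges: *ref_0
        - names:
            - logs-system.security-default
          privileges: *ref_0
        - names:
            - logs-system.system-default
          privileges: *ref_0
        - names:
            - logs-system.application-default
          privileges: *ref_0
        - names:
            - metrics-system.load-default
          privileges: *ref_0
        - names:
            - metrics-system.memory-default
          privileges: *ref_0
        - names:
            - metrics-system.uptime-default
          privileges: *ref_0
        - names:
            - metrics-system.diskio-default
          privileges: *ref_0
        - names:
            - metrics-system.process.summary-default
          privileges: *ref_0
        - names:
            - metrics-system.network-default
          privileges: *ref_0
        - names:
            - metrics-system.cpu-default
          privileges: *ref_0
        - names:
            - metrics-system.process-default
          privileges: *ref_0
        - names:
            - metrics-system.socket_summary-default
          privileges: *ref_0
        - names:
            - metrics-system.fsstat-default
          privileges: *ref_0
        - names:
            - metrics-system.filesystem-default
          privileges: *ref_0
    # Tomcat integration data stream (the one that receives no data).
    d0f44bed-287f-469a-bcae-a507d2aba7d0:
      indices:
        - names:
            - logs-tomcat.log-default
          privileges: *ref_0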
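# Agent self-monitoring. Indentation was lost in the post and is restored
# here; values are kept as posted.
# NOTE(review): with monitoring fully disabled the agent's own logs and
# metrics are not shipped anywhere, so errors from a failing input (file
# permission denied, processor failure, rejected bulk request) are presumably
# visible only in the agent's local log files. Enabling log monitoring, or
# raising agent.logging.level while troubleshooting, makes them easier to find.
agent:
  monitoring:
    enabled: false
    logs: false
    metrics: false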
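# Log inputs: the system integration (working) and the Tomcat integration
# (sending nothing). Indentation was lost in the post and is restored here;
# every key and value is kept as posted.
inputs:
  - id: logfile-system-a198937d-4f15-4a61-b544-cee7d587962f
    name: system-3
    revision: 1
    type: logfile
    use_output: default
    meta:
      package:
        name: system
        version: 1.16.2
    data_stream:
      namespace: default
    streams:
      - id: logfile-system.auth-a198937d-4f15-4a61-b544-cee7d587962f
        data_stream:
          dataset: system.auth
          type: logs
        paths:
          - /var/log/auth.log*
          - /var/log/secure*
        # NOTE(review): as a regex, `.gz$` matches any character followed by
        # "gz"; if a literal dot is intended the pattern would be `\.gz$`.
        # The backslash may have been dropped when the file was pasted.
        exclude_files:
          - .gz$
        multiline:
          pattern: ^\s
          match: after
        processors:
          - add_locale: null
      - id: logfile-system.syslog-a198937d-4f15-4a61-b544-cee7d587962f
        data_stream:
          dataset: system.syslog
          type: logs
        paths:
          - /var/log/messages*
          - /var/log/syslog*
        exclude_files:
          - .gz$
        multiline:
          pattern: ^\s
          match: after
        processors:
          - add_locale: null
  - id: logfile-log-d0f44bed-287f-469a-bcae-a507d2aba7d0
    name: tomcat-1
    revision: 1
    type: logfile
    use_output: default
    meta:
      package:
        name: tomcat
        version: 1.5.0
    data_stream:
      namespace: default
    streams:
      - id: logfile-tomcat.log-d0f44bed-287f-469a-bcae-a507d2aba7d0
        data_stream:
          dataset: tomcat.log
          type: logs
        # NOTE(review): unlike the /var/log paths that work, this file sits
        # under a user's home directory. Confirm the account running the agent
        # can traverse /home/tomcat and /home/tomcat/logs and read
        # catalina.out; grant read access to that one path rather than
        # loosening permissions on the whole home directory.
        paths:
          - /home/tomcat/logs/catalina.out
        exclude_files:
          - .gz$
        tags:
          - tomcat-log
          - forwarded
        fields_under_root: true
        fields:
          observer:
            type: Web
            vendor: Apache
            product: TomCat
        publisher_pipeline.disable_host: true
        processors:
          # JavaScript parser shipped with the integration. The source string
          # is truncated in the post ("FIELD......."), so it cannot be
          # reviewed from here; it is kept exactly as posted.
          # NOTE(review): debug and keep_raw are both off; presumably lines
          # the script cannot parse leave little trace. Verify how parse
          # failures are reported before assuming the file is not being read.
          - script:
              lang: javascript
              params:
                ecs: true
                rsa: true
                tz_offset: local
                keep_raw: false
                debug: false
              source: "// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one\n// or more contributor license agreements. Licensed under the Elastic License;\n// you may not use this file except in compliance with the Elastic License.\n\n/* jshint -W014,-W016,-W097,-W116 */\n\nvar processor = require(\"processor\");\nvar console = require(\"console\");\n\nvar FLAG_FIELD = \"log.flags\";\nvar FIELD......."
          - community_id: null
          # Each registered_domain processor below splits one domain field
          # into registered domain, subdomain and top-level domain; a missing
          # field or a failure is ignored.
          - registered_domain:
              ignore_missing: true
              ignore_failure: true
              field: dns.question.name
              target_field: dns.question.registered_domain
              target_subdomain_field: dns.question.subdomain
              target_etld_field: dns.question.top_level_domain
          - registered_domain:
              ignore_missing: true
              ignore_failure: true
              field: client.domain
              target_field: client.registered_domain
              target_subdomain_field: client.subdomain
              target_etld_field: client.top_level_domain
          - registered_domain:
              ignore_missing: true
              ignore_failure: true
              field: server.domain
              target_field: server.registered_domain
              target_subdomain_field: server.subdomain
              target_etld_field: server.top_level_domain
          - registered_domain:
              ignore_missing: true
              ignore_failure: true
              field: destination.domain
              target_field: destination.registered_domain
              target_subdomain_field: destination.subdomain
              target_etld_field: destination.top_level_domain
          - registered_domain:
              ignore_missing: true
              ignore_failure: true
              field: source.domain
              target_field: source.registered_domain
              target_subdomain_field: source.subdomain
              target_etld_field: source.top_level_domain
          - registered_domain:
              ignore_missing: true
              ignore_failure: true
              field: url.domain
              target_field: url.registered_domain
              target_subdomain_field: url.subdomain
              target_etld_field: url.top_level_domain
          - add_locale: null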