Good morning,
I tried to search for this type of problem for a few days, but I didn't find anything.
The infrastructure is like this:
- 1 server with Wazuh-manager and Filebeat installed
- 1 server with Logstash, Elasticsearch and Kibana installed
What happens is strange:
- everything is UP & running, but I can't see any logs on Kibana
- first restart of Logstash or Filebeat at 10:00 am
- all UP & running again
- second restart of Logstash or Filebeat at 10:30 am
- on Kibana it's possible to see only one log line, concurrent with the first restart, and then nothing again.
I tried to debug Filebeat and it seems that all the logs are passed to Logstash.
Filebeat configuration:
filebeat.inputs:
- type: log
  paths:
    - '/var/ossec/logs/alerts/alerts.json'
    - '/var/ossec/logs/archives/archives.json'

setup.template.json.enabled: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.template.overwrite: true
setup.ilm.enabled: false

output.logstash:
  hosts: ["elasticserver:5000"]
  protocol: https
  ssl.certificate: "/etc/filebeat/certs/cert.crt"
  ssl.key: "/etc/filebeat/certs/cert.key"
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca/ca.crt"]
  username:
  password:

logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 30
  permissions: 0600
I'm going crazy over this, could you please help me understand?
Thank you so much.
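One way to check the "all the logs are passed to Logstash" step, as an added example that is not part of the original post: compare the offsets stored in Filebeat's registry with the current size of each input file. If the offset keeps up with the file, Filebeat has read (and acknowledged) everything and the gap is downstream in Logstash or Elasticsearch; if the offset stays behind a growing file, the harvester itself is stuck. The registry path and the sample registry content below are assumptions constructed for this example.

```python
import json
import os

# Constructed sample in the line-oriented log.json registry layout: each
# state is a "k"/"v" line preceded by an {"op": ...} bookkeeping line.
# Later lines for the same key supersede earlier ones, so the last offset wins.
SAMPLE_REGISTRY = """
{"op":"set","id":1}
{"k":"filebeat::logs::native::1234-2049","v":{"source":"/var/ossec/logs/alerts/alerts.json","offset":1200}}
{"op":"set","id":2}
{"k":"filebeat::logs::native::1235-2049","v":{"source":"/var/ossec/logs/archives/archives.json","offset":500}}
{"op":"set","id":3}
{"k":"filebeat::logs::native::1234-2049","v":{"source":"/var/ossec/logs/alerts/alerts.json","offset":4096}}
"""

def parse_registry(text):
    """Return {source_path: offset} from a Filebeat registry.
    Accepts the legacy data.json layout (one JSON array of states) and the
    log.json layout (one JSON document per line)."""
    text = text.strip()
    if text.startswith("["):
        return {s["source"]: s["offset"] for s in json.loads(text)}
    by_key = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        doc = json.loads(line)
        if "k" not in doc:            # {"op": ...} lines carry no file state
            continue
        if "v" in doc:
            by_key[doc["k"]] = (doc["v"]["source"], doc["v"]["offset"])
        else:                         # a key without a value is a removed state
            by_key.pop(doc["k"], None)
    return {src: off for src, off in by_key.values()}

def backlog(states, sizes):
    """Bytes per file that Filebeat has not yet shipped (size minus offset)."""
    return {path: sizes.get(path, 0) - off for path, off in states.items()}

def file_sizes(paths):
    return {p: os.path.getsize(p) for p in paths if os.path.exists(p)}

if __name__ == "__main__":
    # Assumed registry path for a 7.x package install; adjust to your host.
    with open("/var/lib/filebeat/registry/filebeat/log.json") as f:
        states = parse_registry(f.read())
    for path, lag in backlog(states, file_sizes(states)).items():
        print(f"{path}: {lag} bytes unread")
```

Run it twice a few minutes apart while alerts are being generated: a backlog that shrinks to zero means Filebeat is reading, so the next place to look is the Logstash pipeline and its Elasticsearch output.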