Logs are stopped

well, the logs come to me fine for about 50 minutes but suddenly it stops, if anyone knows how to fix it I would appreciate it, here are the logs and the configuration files.

2022-04-05T12:25:01.688+0200    INFO    beater/filebeat.go:456  Stopping filebeat
2022-04-05T12:25:01.688+0200    INFO    beater/crawler.go:148   Stopping Crawler
2022-04-05T12:25:01.688+0200    INFO    beater/crawler.go:158   Stopping 1 inputs
2022-04-05T12:25:01.688+0200    INFO    cfgfile/reload.go:190   Dynamic config reloader stopped
2022-04-05T12:25:01.688+0200    INFO    [reload]        cfgfile/list.go:118     Stopping 2 runners ...
2022-04-05T12:25:01.688+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    [crawler]       beater/crawler.go:163   Stopping input: 3673764936556454733
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /var/log/auth.log. Closing.
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /server/www/html/log.es/logs/access.log. Closing.
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /var/log/apache2/access.log.1. Closing.
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /var/log/syslog. Closing.
2022-04-05T12:25:01.693+0200    INFO    beater/crawler.go:178   Crawler stopped
2022-04-05T12:25:01.693+0200    INFO    registrar/registrar.go:367      Stopping Registrar
2022-04-05T12:25:01.693+0200    INFO    registrar/registrar.go:293      Ending Registrar
2022-04-05T12:25:01.702+0200    INFO    [monitoring]    log/log.go:153  Total non-zero metrics  {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":890,"time":{"ms":894}},"total":{"ticks":3960,"time":{"ms":3964},"value":3960},"user":{"ticks":3070,"time":{"ms":3070}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"c0eb3962-4c5b-4cb3-9aea-d44b9702ba38","uptime":{"ms":2976889}},"memstats":{"gc_next":18810992,"memory_alloc":14071960,"memory_total":726142080,"rss":46952448},"runtime":{"goroutines":13}},"filebeat":{"events":{"added":5067,"done":5067},"harvester":{"closed":15,"open_files":0,"running":0,"started":15}},"libbeat":{"config":{"module":{"running":0},"reloads":1,"scans":297},"output":{"events":{"acked":5026,"batches":306,"failed":10,"total":5036},"read":{"bytes":1896,"errors":1},"type":"logstash","write":{"bytes":389243}},"pipeline":{"clients":0,"events":{"active":0,"filtered":41,"published":5026,"retry":1494,"total":5067},"queue":{"acked":5026}}},"registrar":{"states":{"current":15,"update":5067},"writes":{"success":346,"total":346}},"system":{"cpu":{"cores":1},"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.05,"5":0.01}}}}}}
2022-04-05T12:25:01.702+0200    INFO    [monitoring]    log/log.go:154  Uptime: 49m36.890648322s
2022-04-05T12:25:01.702+0200    INFO    [monitoring]    log/log.go:131  Stopping metrics logging.
2022-04-05T12:25:01.704+0200    INFO    instance/beat.go:469    filebeat stopped.

filebeat.inputs:
- type: log
  paths:
    - /server/www/html/log.es/logs/access.log
    - /server/www/html/log.es/logs/error.log
    - /server/www/html/internet.log.es/logs/error.log
    - /server/www/html/internet.log.es/logs/access.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true

setup.template.settings:
  index.number_of_shards: 3

logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0640
output.logstash:
  hosts: ["IP:5044"]

version: '3.7'

services:
  elasticsearch:
    image: elasticsearch:7.9.2
    ports:
      - '9200:9200'
    environment:
      - discovery.type=single-node
    ulimits:
      memlock:
        soft: -1
        hard: -1


  kibana:
    image: kibana:7.9.2
    ports:
      - '5601:5601'

  logstash:
    image: logstash:7.9.2
    ports:
      - '5044:5044'
    volumes:
      - type: bind
        source: ./logstash_pipeline/
        target: /usr/share/logstash/pipeline
        read_only: true

input {
  beats {
    port => 5044
  }
}
filter {
  grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }
  geoip { source => "clientip" }
}
output {
  elasticsearch {
    hosts => ["http://192.168.14.82:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}"
  }
}

Could you please share debug logs of Filebeat? Are the input files rotated somehow? Do you see any errors in the logs of Logstash?

these are my filebeat logs, and in the logstrash, being mounted in docker, I see the logs in real time and I haven't seen anything out of the ordinary, it's as if at a certain moment it stops.

2022-04-05T12:24:54.869+0200    INFO    [monitoring]    log/log.go:145  Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":890,"time":{"ms":3}},"total":{"ticks":3950,"time":{"ms":22},"value":3950},"user":{"ticks":3060,"time":{"ms":19}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":11},"info":{"ephemeral_id":"c0eb3962-4c5b-4cb3-9aea-d44b9702ba38","uptime":{"ms":2970057}},"memstats":{"gc_next":18810992,"memory_alloc":13629824,"memory_total":725699944,"rss":1077248},"runtime":{"goroutines":69}},"filebeat":{"events":{"added":4,"done":4},"harvester":{"files":{"4a2984ba-7edb-4fdc-abab-90cc15184579":{"last_event_published_time":"2022-04-05T12:24:35.216Z","last_event_timestamp":"2022-04-05T12:24:30.215Z","read_offset":293,"size":293},"92978114-a8ed-4215-ae2e-6c88fbb8ba55":{"last_event_published_time":"2022-04-05T12:24:25.139Z","last_event_timestamp":"2022-04-05T12:24:25.139Z","read_offset":137,"size":548},"af1d7146-d8a1-4422-be9e-b60aaca2a5da":{"size":3045}},"open_files":4,"running":4}},"libbeat":{"config":{"module":{"running":0},"scans":3},"output":{"events":{"acked":4,"batches":3,"total":4},"read":{"bytes":18},"write":{"bytes":1500}},"pipeline":{"clients":5,"events":{"active":0,"published":4,"total":4},"queue":{"acked":4}}},"registrar":{"states":{"current":15,"update":4},"writes":{"success":3,"total":3}},"system":{"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.05,"5":0.01}}}}}}
2022-04-05T12:25:01.688+0200    INFO    beater/filebeat.go:456  Stopping filebeat
2022-04-05T12:25:01.688+0200    INFO    beater/crawler.go:148   Stopping Crawler
2022-04-05T12:25:01.688+0200    INFO    beater/crawler.go:158   Stopping 1 inputs
2022-04-05T12:25:01.688+0200    INFO    cfgfile/reload.go:190   Dynamic config reloader stopped
2022-04-05T12:25:01.688+0200    INFO    [reload]        cfgfile/list.go:118     Stopping 2 runners ...
2022-04-05T12:25:01.688+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    [crawler]       beater/crawler.go:163   Stopping input: 3673764936556454733
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /var/log/auth.log. Closing.
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /server/www/html/log.es/logs/access.log. Closing.
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /var/log/apache2/access.log.1. Closing.
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    input/input.go:138      input ticker stopped
2022-04-05T12:25:01.693+0200    INFO    log/harvester.go:320    Reader was closed: /var/log/syslog. Closing.
2022-04-05T12:25:01.693+0200    INFO    beater/crawler.go:178   Crawler stopped
2022-04-05T12:25:01.693+0200    INFO    registrar/registrar.go:367      Stopping Registrar
2022-04-05T12:25:01.693+0200    INFO    registrar/registrar.go:293      Ending Registrar
2022-04-05T12:25:01.702+0200    INFO    [monitoring]    log/log.go:153  Total non-zero metrics  {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":890,"time":{"ms":894}},"total":{"ticks":3960,"time":{"ms":3964},"value":3960},"user":{"ticks":3070,"time":{"ms":3070}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"c0eb3962-4c5b-4cb3-9aea-d44b9702ba38","uptime":{"ms":2976889}},"memstats":{"gc_next":18810992,"memory_alloc":14071960,"memory_total":726142080,"rss":46952448},"runtime":{"goroutines":13}},"filebeat":{"events":{"added":5067,"done":5067},"harvester":{"closed":15,"open_files":0,"running":0,"started":15}},"libbeat":{"config":{"module":{"running":0},"reloads":1,"scans":297},"output":{"events":{"acked":5026,"batches":306,"failed":10,"total":5036},"read":{"bytes":1896,"errors":1},"type":"logstash","write":{"bytes":389243}},"pipeline":{"clients":0,"events":{"active":0,"filtered":41,"published":5026,"retry":1494,"total":5067},"queue":{"acked":5026}}},"registrar":{"states":{"current":15,"update":5067},"writes":{"success":346,"total":346}},"system":{"cpu":{"cores":1},"load":{"1":0,"15":0.05,"5":0.01,"norm":{"1":0,"15":0.05,"5":0.01}}}}}}
2022-04-05T12:25:01.702+0200    INFO    [monitoring]    log/log.go:154  Uptime: 49m36.890648322s
2022-04-05T12:25:01.702+0200    INFO    [monitoring]    log/log.go:131  Stopping metrics logging.
2022-04-05T12:25:01.704+0200    INFO    instance/beat.go:469    filebeat stopped.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.