Hi, I have installed Filebeat on my Windows machine. I've enabled the system and logstash modules.
Here is the filebeat.yml
```yaml
filebeat.inputs:
- type: filestream
  # Unique ID among all inputs, an ID is required.
  id: my-filestream-id
  # Change to true to enable this input configuration.
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - C:\ProgramData\filebeat\logs\*
  fields:
    type: windows_log
  fields_under_root: true

filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml
  # Set to true to enable config reloading
  reload.enabled: false

output.logstash:
  # The Logstash hosts
  hosts: ["logstash-ip:5044"]
```
```
.\filebeat -e -c "C:\Program Files\Filebeat\filebeat.yml" test output
{"log.level":"info","@timestamp":"2023-04-21T12:47:01.489+0530","log.origin":{"file.name":"instance/beat.go","file.line":724},"message":"Home path: [C:\\Program Files\\Filebeat] Config path: [C:\\Program Files\\Filebeat] Data path: [C:\\Program Files\\Filebeat\\data] Logs path: [C:\\Program Files\\Filebeat\\logs]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-04-21T12:47:01.490+0530","log.origin":{"file.name":"instance/beat.go","file.line":732},"message":"Beat ID: cea733d5-40bd-4c1e-adad-0041a5258c1f","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-04-21T12:47:04.522+0530","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/provider_aws_ec2.go","file.line":81},"message":"read token request for getting IMDSv2 token returns empty: Put \"http://169.254.169.254/latest/api/token\": context deadline exceeded (Client.Timeout exceeded while awaiting headers). No token in the metadata request will be used.","service.name":"filebeat","ecs.version":"1.6.0"}
logstash: LOGSTASH:5044...
  connection...
    parse host... OK
    dns lookup... OK
    addresses: LOGSTASH IP
    dial up... OK
  TLS... WARN secure connection disabled
  talk to server... OK
```
Here is my Logstash pipeline conf file:

```
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => "http://elasticsearch-ip:9200"
    index => "test%{+YYYY.MM.dd}"
    user => "usr"
    password => "pwd"
  }
}
```
When I start Logstash, the status shows active.
But the logs are not coming.
Here is the status of the Logstash service:
![image|690x316](upload://q67HPWFDx8kOwk2G8GfjfwxtFLf.png)
There are no logs in the Elasticsearch index.
If I run Logstash in debug mode:

```
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/first_pipeline.conf --debug
```

I am getting "address already in use", even after I kill the other Logstash process.