i got this error on filebeat startup: "No paths given. What files do you want me to watch"
The config follow the idea to have the main .yml config with empty prospector section, which act as 'router'
filebeat: prospectors: config_dir: /home/elk/ELK/git-repo/bper-monitoring-elk/beat/filebeat/npv output: logstash: hosts: ["localhost:5043"]
and many files under the config_dir that act as proper prospector config, following the rule:
Full Path to directory with additional prospector configuration files. Each file must end with .yml
These config files must have the full filebeat config part inside, but only
the prospector part is processed. All global options like spool_size are ignored.
The config_dir MUST point to a different directory then where the main filebeat config file is in.
filebeat: prospectors: - # npv-facade.log paths: - /home/elk/LOG/*/BE1/npv-facade* input_type: log exclude_files: [ "*~$", "*filepart$", "*.gz$", "*.zip$"] fields: host: npv_be_1 fields_under_root: true ignore_older: 72h document_type: npv_facade_log multiline: pattern: "^\d\d-[A-Za-z][A-Za-z][A-Za-z]-\d\d\d\d \d\d:\d\d:\d\d,\d\d\d.*" negate: true match: after max_lines: 5000 - # server.log paths: - /home/elk/LOG/*/BE1/server* ....etc
I supposed it could be possible to set a config like that.. so am i wrong in this supposition or there is something bad at syntax level (i guess not because of the resulting error string) ??
ps sorry for bad markdown effect of the post