I just installed a new MS SQL Server 2016 Standard, then imported a sample DB, just for testing the Beats exporting. Those log files are generated by MS SQL, but the file extension is .xel: system_health_0_132472753407060000.xel. This is not a plain text log, so I can't see what is inside. I am just trying to open these because I found somewhere that transaction logs could be found there, but I may be wrong.
All I want is to export logs that contain the transactions, at least the basic ones: INSERT, UPDATE, DELETE, DROP. If I leave Filebeat with just the default settings and start the service, it will attempt to read only the ERRORLOG files, but those do not have the transaction logs, just errors; besides, that's not even from the right path.
2020-10-19T15:46:16.703-0400 INFO [crawler] beater/crawler.go:71 Loading Inputs: 1
2020-10-19T15:46:16.707-0400 INFO log/input.go:157 Configured paths: [c:\ProgramFiles\Microsoft SQL Server\MSSQL.1MSSQL\LOG\ERRORLOG*]
2020-10-19T15:46:16.707-0400 INFO [crawler] beater/crawler.go:108 Loading and starting Inputs completed. Enabled inputs: 0
2020-10-19T15:46:16.707-0400 INFO cfgfile/reload.go:164 Config reloader started
2020-10-19T15:46:16.710-0400 INFO log/input.go:157 Configured paths: [c:\ProgramFiles\Microsoft SQL Server\MSSQL.1MSSQL\LOG\ERRORLOG*]
The path c:\ProgramFiles\Microsoft SQL Server\MSSQL.1MSSQL\LOG\ERRORLOG does not exist on my system. Instead it should be C:\Program Files\Microsoft SQL Server\MSSQL13.TSSMSSQL\MSSQL\Log\ERRORLOG. Because of that, no data is arriving at Elasticsearch. So I set var.paths: - C:\Program Files\Microsoft SQL Server\MSSQL13.TSSMSSQL\MSSQL\Log\ERRORLOG* in mssql.yml, but then the Filebeat service fails to start with the error:
2020-10-19T16:33:30.585-0400 ERROR instance/beat.go:951 Exiting: Failed to start crawler: creating module reloader failed: Error getting config for fileset mssql/log: Error interpreting the template of the input: template: text:3:24: executing "text" at <.paths>: range can't iterate over C:\Program Files\Microsoft SQL Server\MSSQL13.TSSMSSQL\MSSQL\Log\ERRORLOG*
And I haven't done anything else but provide the right path so the default config can work.
This is why I disabled the mssql module and enabled the filebeat.inputs in the filebeat.yml config file. Setting the same path that previously failed in the mssql module, C:\Program Files\Microsoft SQL Server\MSSQL13.TSSMSSQL\MSSQL\Log\ERRORLOG*, will work without errors when used in filebeat.yml.
If you could tell me how I can achieve my goal with basic or advanced settings, please show me how.
Thank you in advance
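
The startup error quoted in the post ("range can't iterate over C:\...") is what the module's input template reports when var.paths arrives as a single string instead of a YAML list. The following configuration sketch is an added example, not part of the original post; it assumes the stock modules.d/mssql.yml layout and reuses the path given in the post.

```yaml
# modules.d/mssql.yml  (added example; layout assumed from the stock module file)
- module: mssql
  log:
    enabled: true

    # Fails at startup: a scalar value. The module template runs
    # "range .paths" and cannot iterate over a string.
    # var.paths: 'C:\Program Files\Microsoft SQL Server\MSSQL13.TSSMSSQL\MSSQL\Log\ERRORLOG*'

    # Works: a YAML sequence, with the "-" item on its own indented line.
    # Single quotes keep the backslashes and the space in the path literal.
    var.paths:
      - 'C:\Program Files\Microsoft SQL Server\MSSQL13.TSSMSSQL\MSSQL\Log\ERRORLOG*'
```

Running `filebeat test config` after the change checks that the configuration parses before the service is restarted.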