I'm trying to ingest logs from a .net application. I have filebeat installed on a node which pushes the logs to a logstash server.
2020-06-19 00:00:16.421 +02:00 [Error] [Band.Account.HealthCheckService] [2HB0AJ9Q9AI2O:00000001] The operation was canceled. System.Threading.Tasks.TaskCanceledException: The operation was canceled. ---> System.IO.IOException: Unable to read data from the transport connection: Operation canceled. ---> System.Net.Sockets.SocketException: Operation canceled --- End of inner exception stack trace --- at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error) at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.GetResult(Int16 token) at System.Net.Security.SslStreamInternal ...
filebeat.prospectors: - type: log enabled: true paths: - /var/log/log* multiline.pattern: '^[[:space:]]' multiline.negate: false multiline.match: after fields_under_root: true fields: type: Band-account-log fields_under_root: true exclude_files: ['.gz] logging.level: info output.logstash: hosts: ["elk.Band.net"] ssl.certificate_authorities: "/etc/pki/tls/certs/logstash-forwarder.crt"
It doesn't really get all the lines from log file, and the timestamp looks wrong looking in kibana. Not really sure what I need to modify.
filebeat version 6.2.4 (amd64), libbeat 6.2.4