Output file not created

Is there something wrong with my filebeat.yml file ? I am reading from one directory and copying it to another but it fails to create the file . I am not sending it to logstash or elastic .

Version - filebeat version 8.15.2

Filebeat.yml

filebeat.inputs:
- type: filestream
  enabled: true
  paths:
    -/var/tmp/varlog.out
  multiline:
        pattern: '^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}'
        negate: true
        match: after

output.file:
   path: "/var/tmp/"
   filename: abcd.log

logging.level: debug
logging.files:
  path: /var/tmp/filebeat_test
  name: beat

It creates the beat-20250515.ndjson file but does not create the abcd.log file . I would like everything from the file /var/tmp/varlog.out to parse and place it in /var/tmp/abcd.log.

My input file used for this test

May 11 03:28:40 hostname systemd[1]: Created slice User Slice of UID 99.
May 11 03:28:40 hostname systemd[1]: Starting User runtime directory /run/user/99...
May 11 03:28:40 hostname systemd[1]: Started User runtime directory /run/user/99.
May 11 03:28:40 hostname systemd[1]: Starting User Manager for UID 99...
May 11 03:28:40 hostname systemd[2088388]: Starting D-Bus User Message Bus Socket.
May 11 03:28:40 hostname systemd[2088388]: Reached target Paths.
May 11 03:28:40 hostname systemd[2088388]: Reached target Timers.
May 11 03:28:40 hostname systemd[2088388]: Listening on D-Bus User Message Bus Socket.
May 11 03:28:40 hostname systemd[2088388]: Reached target Sockets.
May 11 03:28:40 hostname systemd[2088388]: Reached target Basic System.
May 11 03:28:40 hostname systemd[2088388]: Reached target Default.
May 11 03:28:40 hostname systemd[2088388]: Startup finished in 57ms.
May 11 03:28:40 hostname systemd[1]: Started User Manager for UID 99.
May 11 03:28:40 hostname systemd[1]: Started Session c570 of user nobody.
May 11 03:28:43 hostname systemd[1]: session-c570.scope: Succeeded.
May 11 03:28:54 hostname systemd[1]: Stopping User Manager for UID 99...
May 11 03:28:54 hostname systemd[2088388]: Stopped target Default.
May 11 03:28:54 hostname systemd[2088388]: Stopped target Basic System.
May 11 03:28:54 hostname systemd[2088388]: Stopped target Timers.
May 11 03:28:54 hostname systemd[2088388]: Stopped target Sockets.
May 11 03:28:54 hostname systemd[2088388]: Closed D-Bus User Message Bus Socket.
May 11 03:28:54 hostname systemd[2088388]: Stopped target Paths.
May 11 03:28:54 hostname systemd[2088388]: Reached target Shutdown.
May 11 03:28:54 hostname systemd[2088388]: Started Exit the Session.
May 11 03:28:54 hostname systemd[2088388]: Reached target Exit the Session.
May 11 03:28:54 hostname systemd[1]: user@99.service: Succeeded.
May 11 03:28:54 hostname systemd[1]: Stopped User Manager for UID 99.
May 11 03:28:54 hostname systemd[1]: Stopping User runtime directory /run/user/99...
May 11 03:28:54 hostname systemd[1]: run-user-99.mount: Succeeded.
May 11 03:28:54 hostname systemd[1]: user-runtime-dir@99.service: Succeeded.
May 11 03:28:54 hostname systemd[1]: Stopped User runtime directory /run/user/99.

How do we make sure everything gets to the new abcd.log file ?

Looks like the issue is with the paths config — there’s no space after the dash. Try this:

paths:
“- /var/tmp/varlog.out”

Also, make sure Filebeat has permission to read the input file and write to /var/tmp/abcd.log. Let it run a bit and check logs under /var/tmp/filebeat_test.