Receiving logs for only one of the index

Godson_Raju · May 16, 2019, 5:51pm

I am using linux centos.

This is my filebeat.yml file.
#=========================== Filebeat inputs =============================

filebeat.inputs:

type: log
enabled: true
paths:
- /ip/logs/ip
  fields: { log_type: ip }
type: log
enabled: true
paths:
- /ip/logs/p13n.log
  fields: { log_type: p13n }
type: log
enabled: true
paths:
- /ip/logs/ipreport.log
  fields: { log_type: ipreport }
type: log
enabled: true
paths:
- /ip/logs/ipwconnect.log
  fields: { log_type: ipwconnect }

and here is the logstash.conf :

input {
beats {
port => "5044"
}
}

output {

            elasticsearch {
                    hosts => ["localhost:9200"]
                    manage_template => false
                    index => "%{[fields][log_type]}-log"

            }

}

All the indexes are getting created, but only one of the index is showing the data. The rest of the indexes got some data for some seconds, but then it stopped.

Please help me out here.
Thank you

Christian_Dahlqvist · May 20, 2019, 7:01am

Please format your Filebeat config as it could be an error there causing this. I see some curly braces there which I do not is OK. Have a look at the documentation for an example of what it should look like.

system · June 17, 2019, 7:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.