Hi,
I have installed filebeat on windows machine and configured it to send logs to logstash.
Here is my filebeat config
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
# filestream is an input for collecting log messages from files.
- type: log
enabled: true
paths:
- D:\Tracability\Apache.log
fields:
type: apache_3dx
fields_under_root: true
- type: log
enabled: true
paths:
- D:\Tracability\*.txt
fields:
type: services_3dx
fields_under_root: true
- type: log
enabled: true
paths:
- D:\Tracability\merged_logfile.log
fields:
type: 3dx_merged
fields_under_root: true
- type: syslog
enabled: false
output.logstash:
# The Logstash hosts
hosts: ["logstash_ip:5044"]
Here is my logstash config
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => "http://elastic_ip:9200"
index => "%{type}-%{+YYYY.MM.dd}"
user => "elastic"
password => "pwd"
}
}
This logstash pipeline works fine with other filebeat sources which are on linux. But this is not working. There is no error in logs
The output of command
.\filebeat -e -c "C:\Program Files\Filebeat\filebeat.yml" test output
is fine
The output of command .\filebeat -e -c "C:\Program Files\Filebeat\filebeat.yml" -d "publish" also looks like the logs r picking up. But the index is not getting created. Not sure where its going wrong