Hi,
This is my first try with FileBeat and I have some difficulties
My test conf is very simple
On the filebeat side :
Filebeat windows 5.2.2 windows 64
filebeat.prospectors:
- input_type: log
paths:
- C:\Users\flefebure\testlogs\*.log
output.logstash:
hosts: ["elastic2.local:5044"]
On the logstash side :
Logstash 2. 4.1 Linux Centos
input {
beats {
type => "dcrm"
port => 5044
}
}
output {
if [type] == "dcrm" {
stdout { codec => json }
file {
path => "/tmp/dcrm.log"
}
}
}
With this config events don't touch logstash
In beats log I can see :
2017-03-23T12:49:39-04:00 DBG Try to publish 4 events to logstash with window size 10
2017-03-23T12:49:39-04:00 DBG handle error: EOF
2017-03-23T12:49:39-04:00 DBG closing
2017-03-23T12:49:39-04:00 DBG 0 events out of 4 events sent to logstash. Continue sending
2017-03-23T12:49:39-04:00 DBG close connection
2017-03-23T12:49:39-04:00 ERR Failed to publish events caused by: EOF
2017-03-23T12:49:39-04:00 INFO Error publishing events (retrying): EOF
I saw references to this error, in this forum, but related to TLS
With a TCPDump I don't see the log data in transit.
I imagined that logstash version was too late compared to FileBeats version so I tried a downgrade to Filebeats 1.3.1
With the same config I now see in the logs :
2017-03-23T13:19:56-04:00 INFO Start sending events to output
2017-03-23T13:19:56-04:00 INFO Harvester started for file: C:\Users\flefebure\testlogs\test.log
2017-03-23T13:19:59-04:00 INFO Events sent: 24
2017-03-23T13:19:59-04:00 INFO Registry file updated. 1 states written.
Nothing seems th happen on the logstash side
On a TCP dump only 12 bytes of data are transfered, much less than my 24 lines of logs
Any advice ?
BR
Franck