root@elkfiras:/home/elkfiras# filebeat -e
{"log.level":"info","@timestamp":"2022-07-31T17:20:16.558Z","log.origin":{"file.name":"instance/beat.go","file.line":702},"message":"Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:16.559Z","log.origin":{"file.name":"instance/beat.go","file.line":710},"message":"Beat ID: 18f18c9b-6051-49ef-a4ce-e9cce3299b83","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2022-07-31T17:20:19.565Z","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/provider_aws_ec2.go","file.line":81},"message":"read token request for getting IMDSv2 token returns empty: Put \"http://169.254.169.254/latest/api/token\": context deadline exceeded (Client.Timeout exceeded while awaiting headers). No token in the metadata request will be used.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.574Z","log.logger":"seccomp","log.origin":{"file.name":"seccomp/seccomp.go","file.line":124},"message":"Syscall filter successfully installed","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.576Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1076},"message":"Beat info","service.name":"filebeat","system_info":{"beat":{"path":{"config":"/etc/filebeat","data":"/var/lib/filebeat","home":"/usr/share/filebeat","logs":"/var/log/filebeat"},"type":"filebeat","uuid":"18f18c9b-6051-49ef-a4ce-e9cce3299b83"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.576Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1085},"message":"Build info","service.name":"filebeat","system_info":{"build":{"commit":"45f722f492dcf1d13698c6cf618b339b1d4907be","libbeat":"8.3.2","time":"2022-07-06T10:12:50.000Z","version":"8.3.2"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.576Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1088},"message":"Go runtime info","service.name":"filebeat","system_info":{"go":{"os":"linux","arch":"amd64","max_procs":2,"version":"go1.18.2"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.584Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1092},"message":"Host info","service.name":"filebeat","system_info":{"host":{"architecture":"x86_64","boot_time":"2022-07-31T00:55:46Z","containerized":false,"name":"elkfiras","ip":["127.0.0.1/8","::1/128","192.168.37.2/24","fe80::20c:29ff:fe65:82ff/64"],"kernel_version":"5.15.0-41-generic","mac":["00:0c:29:65:82:ff"],"os":{"type":"linux","family":"debian","platform":"ubuntu","name":"Ubuntu","version":"22.04 (Jammy Jellyfish)","major":22,"minor":4,"patch":0,"codename":"jammy"},"timezone":"UTC","timezone_offset_sec":0,"id":"24ec3a89c2b5417b9c2a0e9755bb64bc"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.590Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1121},"message":"Process info","service.name":"filebeat","system_info":{"process":{"capabilities":{"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read","38","39","40"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read","38","39","40"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read","38","39","40"],"ambient":null},"cwd":"/home/elkfiras","exe":"/usr/share/filebeat/bin/filebeat","name":"filebeat","pid":12885,"ppid":12876,"seccomp":{"mode":"filter","no_new_privs":true},"start_time":"2022-07-31T17:20:16.040Z"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.591Z","log.origin":{"file.name":"instance/beat.go","file.line":293},"message":"Setup Beat: filebeat; Version: 8.3.2","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2022-07-31T17:20:19.609Z","log.logger":"cfgwarn","log.origin":{"file.name":"tlscommon/config.go","file.line":102},"message":"DEPRECATED: Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version: 8.0.0","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.610Z","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":108},"message":"elasticsearch url: https://localhost:9200","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.611Z","log.logger":"publisher","log.origin":{"file.name":"pipeline/module.go","file.line":113},"message":"Beat name: elkfiras","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.611Z","log.logger":"modules","log.origin":{"file.name":"fileset/modules.go","file.line":108},"message":"Enabled modules/filesets: ","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.613Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":143},"message":"Starting metrics logging every 30s","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.615Z","log.origin":{"file.name":"instance/beat.go","file.line":470},"message":"filebeat start running.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.651Z","log.origin":{"file.name":"memlog/store.go","file.line":134},"message":"Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=1373","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.653Z","log.logger":"registrar","log.origin":{"file.name":"registrar/registrar.go","file.line":109},"message":"States Loaded from registrar: 0","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.655Z","log.logger":"crawler","log.origin":{"file.name":"beater/crawler.go","file.line":71},"message":"Loading Inputs: 1","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.655Z","log.logger":"crawler","log.origin":{"file.name":"beater/crawler.go","file.line":117},"message":"starting input, keys present on the config: [filebeat.inputs.0.enabled filebeat.inputs.0.id filebeat.inputs.0.paths.0 filebeat.inputs.0.type]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.658Z","log.logger":"crawler","log.origin":{"file.name":"beater/crawler.go","file.line":148},"message":"Starting input (ID: 11337388005444501392)","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.659Z","log.logger":"crawler","log.origin":{"file.name":"beater/crawler.go","file.line":106},"message":"Loading and starting Inputs completed. Enabled inputs: 1","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.659Z","log.logger":"input.filestream","log.origin":{"file.name":"compat/compat.go","file.line":111},"message":"Input filestream starting","service.name":"filebeat","id":"my-filestream-id","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:19.659Z","log.origin":{"file.name":"cfgfile/reload.go","file.line":164},"message":"Config reloader started","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:22.568Z","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/add_cloud_metadata.go","file.line":102},"message":"add_cloud_metadata: hosting provider type not detected.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:23.571Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":139},"message":"Connecting to backoff(elasticsearch(https://localhost:9200))","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:23.642Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":162},"message":"'ca_trusted_fingerprint' set, looking for matching fingerprints","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:23.643Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":173},"message":"CA certificate matching 'ca_trusted_fingerprint' found, adding it to 'certificate_authorities'","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:23.659Z","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":291},"message":"Attempting to connect to Elasticsearch version 8.3.2","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:23.670Z","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":291},"message":"Attempting to connect to Elasticsearch version 8.3.2","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:23.671Z","log.logger":"index-management","log.origin":{"file.name":"idxmgmt/std.go","file.line":231},"message":"Auto ILM enable success.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:23.680Z","log.logger":"index-management.ilm","log.origin":{"file.name":"ilm/std.go","file.line":128},"message":"ILM policy filebeat successfully created.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:23.680Z","log.logger":"index-management","log.origin":{"file.name":"idxmgmt/std.go","file.line":366},"message":"Set settings.index.lifecycle.name in template to {filebeat {\"policy\":{\"phases\":{\"hot\":{\"actions\":{\"rollover\":{\"max_age\":\"30d\",\"max_size\":\"50gb\"}}}}}}} as ILM is enabled.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:23.720Z","log.logger":"template","log.origin":{"file.name":"template/load.go","file.line":245},"message":"Existing template will be overwritten, as overwrite is enabled.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:25.930Z","log.logger":"template_loader","log.origin":{"file.name":"template/load.go","file.line":159},"message":"Try loading template filebeat-8.3.2 to Elasticsearch","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:26.098Z","log.logger":"template_loader","log.origin":{"file.name":"template/load.go","file.line":127},"message":"Template with name \"filebeat-8.3.2\" loaded.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:26.102Z","log.logger":"template_loader","log.origin":{"file.name":"template/load.go","file.line":143},"message":"Data stream with name \"filebeat-8.3.2\" already exists.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:26.102Z","log.logger":"index-management","log.origin":{"file.name":"idxmgmt/std.go","file.line":267},"message":"Loaded index template.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:26.105Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":147},"message":"Connection to backoff(elasticsearch(https://localhost:9200)) established","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-07-31T17:20:29.662Z","log.origin":{"file.name":"cfgfile/reload.go","file.line":273},"message":"Error loading config from file '/etc/filebeat/modules.d/fortinet.yml', error invalid config: yaml: line 3: did not find expected key","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:20:49.623Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":185},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpu":{"id":"session-33.scope"},"memory":{"id":"session-33.scope","mem":{"usage":{"bytes":138010624}}}},"cpu":{"system":{"ticks":460,"time":{"ms":460}},"total":{"ticks":3060,"time":{"ms":3060},"value":0},"user":{"ticks":2600,"time":{"ms":2600}}},"handles":{"limit":{"hard":1048576,"soft":1024},"open":36},"info":{"ephemeral_id":"679a32c7-b926-45db-a8e2-bd4255ae7d34","name":"filebeat","uptime":{"ms":33174},"version":"8.3.2"},"memstats":{"gc_next":29926312,"memory_alloc":14720128,"memory_sys":109563928,"memory_total":320591248,"rss":121556992},"runtime":{"goroutines":103}},"filebeat":{"events":{"added":5,"done":5},"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0},"reloads":1,"scans":2},"output":{"events":{"acked":5,"active":0,"batches":1,"total":5},"read":{"bytes":4320},"type":"elasticsearch","write":{"bytes":378403}},"pipeline":{"clients":25,"events":{"active":0,"published":5,"retry":5,"total":5},"queue":{"acked":5,"max_events":4096}}},"registrar":{"states":{"current":0}},"system":{"cpu":{"cores":2},"load":{"1":0.39,"15":0.25,"5":0.23,"norm":{"1":0.195,"15":0.125,"5":0.115}}}},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-07-31T17:21:19.623Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":185},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":61440}}}},"cpu":{"system":{"ticks":470,"time":{"ms":10}},"total":{"ticks":3090,"time":{"ms":30},"value":0},"user":{"ticks":2620,"time":{"ms":20}}},"handles":{"limit":{"hard":1048576,"soft":1024},"open":36},"info":{"ephemeral_id":"679a32c7-b926-45db-a8e2-bd4255ae7d34","uptime":{"ms":63177},"version":"8.3.2"},"memstats":{"gc_next":29926312,"memory_alloc":15128544,"memory_total":320999664,"rss":121556992},"runtime":{"goroutines":103}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0},"scans":3},"output":{"events":{"active":0}},"pipeline":{"clients":25,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.43,"15":0.26,"5":0.26,"norm":{"1":0.215,"15":0.13,"5":0.13}}}},"ecs.version":"1.6.0"}}
^C{"log.level":"info","@timestamp":"2022-07-31T17:21:29.385Z","log.origin":{"file.name":"beater/filebeat.go","file.line":425},"message":"Stopping filebeat","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.386Z","log.origin":{"file.name":"beater/crawler.go","file.line":155},"message":"Stopping Crawler","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.386Z","log.origin":{"file.name":"beater/crawler.go","file.line":165},"message":"Stopping 1 inputs","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.386Z","log.origin":{"file.name":"cfgfile/reload.go","file.line":190},"message":"Dynamic config reloader stopped","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.386Z","log.logger":"crawler","log.origin":{"file.name":"beater/crawler.go","file.line":170},"message":"Stopping input: 11337388005444501392","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.387Z","log.logger":"input.filestream","log.origin":{"file.name":"compat/compat.go","file.line":132},"message":"Input 'filestream' stopped","service.name":"filebeat","id":"my-filestream-id","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.387Z","log.origin":{"file.name":"beater/crawler.go","file.line":185},"message":"Crawler stopped","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.387Z","log.logger":"registrar","log.origin":{"file.name":"registrar/registrar.go","file.line":132},"message":"Stopping Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.387Z","log.logger":"registrar","log.origin":{"file.name":"registrar/registrar.go","file.line":166},"message":"Ending Registrar","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.388Z","log.logger":"registrar","log.origin":{"file.name":"registrar/registrar.go","file.line":137},"message":"Registrar stopped","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.388Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::795008-64768","path":"/var/log/vmware-network.4.log","state-id":"native::795008-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.391Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::810340-64768","path":"/var/log/vmware-network.2.log","state-id":"native::810340-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.392Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::797416-64768","path":"/var/log/alternatives.log","state-id":"native::797416-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.392Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::794985-64768","path":"/var/log/vmware-vmsvc-root.log","state-id":"native::794985-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.392Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::797397-64768","path":"/var/log/vmware-network.9.log","state-id":"native::797397-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.394Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::801552-64768","path":"/var/log/kern.log","state-id":"native::801552-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.395Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::795007-64768","path":"/var/log/vmware-network.5.log","state-id":"native::795007-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.395Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::797398-64768","path":"/var/log/vmware-network.log","state-id":"native::797398-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.395Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::798004-64768","path":"/var/log/bootstrap.log","state-id":"native::798004-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.396Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::794967-64768","path":"/var/log/ubuntu-advantage-timer.log","state-id":"native::794967-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.397Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::801464-64768","path":"/var/log/dpkg.log","state-id":"native::801464-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.397Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::801769-64768","path":"/var/log/fontconfig.log","state-id":"native::801769-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.398Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::798058-64768","path":"/var/log/vmware-vmtoolsd-root.log","state-id":"native::798058-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.398Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::795221-64768","path":"/var/log/vmware-network.8.log","state-id":"native::795221-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.399Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::795295-64768","path":"/var/log/vmware-network.6.log","state-id":"native::795295-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.399Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::810346-64768","path":"/var/log/auth.log","state-id":"native::810346-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.399Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::796916-64768","path":"/var/log/vmware-network.3.log","state-id":"native::796916-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.399Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::798009-64768","path":"/var/log/ubuntu-advantage.log","state-id":"native::798009-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.399Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::798116-64768","path":"/var/log/cloud-init.log","state-id":"native::798116-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.399Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::794992-64768","path":"/var/log/vmware-vmsvc-root.1.log","state-id":"native::794992-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.399Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::794994-64768","path":"/var/log/vmware-vmsvc-root.2.log","state-id":"native::794994-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.399Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::798124-64768","path":"/var/log/cloud-init-output.log","state-id":"native::798124-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.399Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::796624-64768","path":"/var/log/vmware-network.7.log","state-id":"native::796624-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.399Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::796331-64768","path":"/var/log/vmware-network.1.log","state-id":"native::796331-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.408Z","log.logger":"input.filestream","log.origin":{"file.name":"filestream/input.go","file.line":321},"message":"Reader was closed. Closing.","service.name":"filebeat","id":"my-filestream-id","source_file":"filestream::my-filestream-id::native::794892-64768","path":"/var/log/vmware-vmsvc-root.3.log","state-id":"native::794892-64768","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.409Z","log.logger":"input.filestream","log.origin":{"file.name":"compat/compat.go","file.line":124},"message":"Input 'filestream' stopped","service.name":"filebeat","id":"my-filestream-id","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.424Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":193},"message":"Total metrics","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpu":{"id":"session-33.scope","stats":{"periods":0,"throttled":{"ns":0,"periods":0}}},"memory":{"id":"session-33.scope","mem":{"usage":{"bytes":138215424}}}},"cpu":{"system":{"ticks":500,"time":{"ms":500}},"total":{"ticks":3130,"time":{"ms":3130},"value":0},"user":{"ticks":2630,"time":{"ms":2630}}},"handles":{"limit":{"hard":1048576,"soft":1024},"open":9},"info":{"ephemeral_id":"679a32c7-b926-45db-a8e2-bd4255ae7d34","name":"filebeat","uptime":{"ms":72976},"version":"8.3.2"},"memstats":{"gc_next":29926312,"memory_alloc":15570696,"memory_sys":109563928,"memory_total":321441816,"rss":121556992},"runtime":{"goroutines":14}},"filebeat":{"events":{"active":0,"added":5,"done":5},"harvester":{"closed":0,"open_files":0,"running":0,"skipped":0,"started":0},"input":{"log":{"files":{"renamed":0,"truncated":0}},"netflow":{"flows":0,"packets":{"dropped":0,"received":0}}}},"libbeat":{"config":{"module":{"running":0,"starts":0,"stops":0},"reloads":1,"scans":6},"output":{"events":{"acked":5,"active":0,"batches":1,"dropped":0,"duplicates":0,"failed":0,"toomany":0,"total":5},"read":{"bytes":4320,"errors":1},"type":"elasticsearch","write":{"bytes":378403,"errors":0}},"pipeline":{"clients":0,"events":{"active":0,"dropped":0,"failed":0,"filtered":0,"published":5,"retry":5,"total":5},"queue":{"acked":5,"max_events":4096}}},"registrar":{"states":{"cleanup":0,"current":0,"update":0},"writes":{"fail":0,"success":0,"total":0}},"system":{"cpu":{"cores":2},"load":{"1":0.74,"15":0.29,"5":0.33,"norm":{"1":0.37,"15":0.145,"5":0.165}}}},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.425Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":194},"message":"Uptime: 1m12.986389323s","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.425Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":161},"message":"Stopping metrics logging.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:29.426Z","log.origin":{"file.name":"instance/beat.go","file.line":475},"message":"filebeat stopped.","service.name":"filebeat","ecs.version":"1.6.0"}
root@elkfiras:/home/elkfiras# filebeat -e
{"log.level":"info","@timestamp":"2022-07-31T17:21:38.503Z","log.origin":{"file.name":"instance/beat.go","file.line":702},"message":"Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:38.503Z","log.origin":{"file.name":"instance/beat.go","file.line":710},"message":"Beat ID: 18f18c9b-6051-49ef-a4ce-e9cce3299b83","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2022-07-31T17:21:41.510Z","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/provider_aws_ec2.go","file.line":81},"message":"read token request for getting IMDSv2 token returns empty: Put \"http://169.254.169.254/latest/api/token\": context deadline exceeded (Client.Timeout exceeded while awaiting headers). No token in the metadata request will be used.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:41.518Z","log.logger":"seccomp","log.origin":{"file.name":"seccomp/seccomp.go","file.line":124},"message":"Syscall filter successfully installed","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-07-31T17:21:41.519Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1076},"message":"Beat info","service.name":"filebeat","system_info":{"beat":{"path":{"config":"/etc/filebeat","data":"/var/lib/filebeat","home":"/usr/share/filebeat","logs":"/var/log/filebeat"},"type":"filebeat","uuid":"18f18c9b-6051-49ef-a4ce-e9cce3299b83"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-07-31T17:21:41.522Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1085},"message":"Build info","service.name":"filebeat","system_info":{"build":{"commit":"45f722f492dcf1d13698c6cf618b339b1d4907be","libbeat":"8.3.2","time":"2022-07-06T10:12:50.000Z","version":"8.3.2"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2022-07-31T17:21:41.523Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1088},"message":"Go runtime info","service.name":"filebeat","system_info":{"go":{"os":"linux","arch":"amd64","max_procs":2,"version":"go1.18.2"},"ecs.version":"1.6.0"}}