Workaround for Network Volume

According to the FAQ (https://www.elastic.co/guide/en/beats/filebeat/current/faq.html#filebeat-network-volumes), it's recommended not to use network volumes. How can I work around this?

I'm considering setting up a VM on an outside host and rsyncing logs or something similar, then using Filebeat on there.

Any feedback on this issue would be appreciated.

I think more context is necessary in order to offer advice. Can you please share some more info about your setup? Maybe start with what's producing the logs and why can't you run Filebeat locally? What OS?

Hey Andrew, thanks for getting back.

We're using network drives here in our office for VMs. Windows Host, Ubuntu 16.04 VMs.

Windows host is a hyper-v cluster, with iSCSI share.

Filebeat 'works', it just reads it once, and doesn't see any changes after the initial push after starting/restarting filebeat.

I'm just trying to get the syslog monitored.

So this is your stack?

  • Ubuntu VMs with Virtual Disks (ext4)
  • Hyper-V
  • Windows running NTFS on iSCSI disks

Where is Filebeat running? I wouldn't expect any problems reading from ext4 or NTFS even if they are virtual or iSCSI disks.

But if I missed something in your architecture, an alternative could be to forward the syslog data to Logstash. We usually recommend this for OSes where Filebeat cannot be run (like AIX b/c Go isn't supported).

Filebeat is running on the Ubuntu VMs.

Is it alright to post links to gist for log files? I'd like to show you the output from debugging.

Sure. Please show the config too.
