Working with filebeat and Winlogbeat at the same time

WarriorHarb · April 3, 2019, 1:37pm

Hello,
So i had configured Filebeat to forward data to Logstash via port 5044 and data has to go through Grok filter (that contains a drop condition )

if "_grokparsefailure" in [tags] {
	drop {}
	}

it is working fine , and data that correspond to my format was parsed to fields, non conforming formats were dropped.
Now i added Winlogbeat and made it forward data to logstash via the same port 5044 but i receive nothing in winlogbeat when i check in Kibana. My best guess is they are being dropped by my grok filter.
So is there a way to make it skip the grok filter like making it forward data through a seperate port or something.
Any help will be apperciated.

WarriorHarb · April 4, 2019, 9:20am

I solved it for who ever crossed this problem , here is the solution :
-use one port for both winlogbeat and filebeat (they will be tagged automatically )
-in the filter section :

filter {
		if "wineventlog" in [type]{ }
		if "wineventlog" not in [type]{
            *your grok filter here with the drop condition and all* } }

Hope this would be helpful.

system · May 2, 2019, 9:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat does not send logs to Logstash Beats	4	1061	June 7, 2018
Filter based on input (Filebeat/Winlogbeat) in logstash Logstash	3	1038	September 4, 2019
Using both Filebeat and Winlogbeat Beats filebeat	3	4511	November 8, 2017
Winlogbeat being ingested in both winlog-* and syslog-* Logstash	3	408	July 30, 2018
Winlogbeat 8.12.0 not working with filters Beats winlogbeat	4	256	April 23, 2024

Working with filebeat and Winlogbeat at the same time

Related topics