I have a problem when taking logs with FileBeat to Logstash, my logs arrive well in a file but the path of log is wrong in the output (It's the default location on an apache server).
Here the config of FileBeat in the client:
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
# filestream is an input for collecting log messages from files.
- type: filestream
# Unique ID among all inputs, an ID is required.
id: site1
# Change to true to enable this input configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
paths:
- **/var/log/test.site1.com/access.log**
#- c:\programdata\elasticsearch\logs\*
And here a snipet of log in Logstash server:
{"ecs":{"version":"8.0.0"},"@timestamp":"2022-11-17T11:08:25.000Z","tags":["beats_input_codec_plain_applied"],"event":{"original":"xxx.xxx.xxx.xxx - - [17/Nov/2022:12:08:25 +0100] \"GET / HTTP/1.1\" 200 10956 \"-\" \"lua-resty-http/0.10 (Lua) ngx_lua/10011\""},"@version":"1","message":"xxx.xxx.xxx.xxx - - [17/Nov/2022:12:08:25 +0100] \"GET / HTTP/1.1\" 200 10956 \"-\" \"lua-resty-http/0.10 (Lua) ngx_lua/10011\"","user":{"service":{"name":"ECS"},"region":"","availability_zone":"eu-west-0b","provider":"huawei","instance":{"id":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}},"agent":{"version":"8.5.0","id":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","type":"filebeat","ephemeral_id":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","name":"VMSite1},"source":{"address":"xxx.xxx.xxx.xxx"},"host":{"hostname":"VMSite1","mac":["xx-xx-xx-xx-xx-xx"],"architecture":"x86_64","id":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","containerized":false,"os":{"type":"linux","platform":"debian","family":"debian","codename":"stretch","kernel":"4.9.0-3-amd64","version":"9 (stretch)","name":"Debian GNU/Linux"},"ip":["xxx.xxx.xxx.xxx","xxxx::xxxx:xxxx:xxxx:xxxx"],"name":"VMSite1"},"log":{"file":{**"path":"/var/log/apache2/access.log"**},"offset":5870032},"timestamp":"17/Nov/2022:12:08:25 +0100","input":{"type":"filestream"},"http":{"request":{"method":"GET"},"response":{"status_code":200,"body":{"bytes":10956}},"version":"1.1"},"url":{"original":"/"},"user_agent":{"original":"lua-resty-http/0.10 (Lua) ngx_lua/10011"}}
As you can see, the logged folder /var/log/test.site1.com/access.log becomes the default path /var/log/apache2/access.log in the output
Is there a possibility in a configuration file to have the right path?