Collector sidecar config syntax

neophilipp · June 14, 2017, 11:34am

Hello,

can PLEASE somebody tell me how the syntax of the WinLogBeats Input is. I have:

[{‘name’:‘Application’}] and everything is perfect.

But i need to add things like “ignore_older:72h” or “level: critical, error, warning”?

How can i put this in it?

THX!!

jochen · June 14, 2017, 1:47pm

neophilipp · June 15, 2017, 7:25am

Can you plese give me a example snipplet like the nxlog example?

Because if i put in:

ignore_older: 72h

a error occurs.

“Error during configuration validation… Invalid top-level key ‘ignore older’.”

I try a lot but no success.

jochen · June 15, 2017, 10:20am

Where exactly did you enter that snippet and where do you see the error message?

macko003 · June 21, 2017, 11:19am

Try this format in “event name”, its working for me.

[{'ignore_older': '1h','name':'Application'},{'ignore_older': '1h','name':'System'},{'ignore_older': '1h','name':'Security'}]

system · July 5, 2017, 11:20am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog 3.0 Winlogbeat help Graylog Central (peer support) sidecar , winlogbeat	2	3432	June 17, 2019
Winlogbeat configuration - snippets Graylog Central (peer support) sidecar , winlogbeat	2	4068	July 16, 2018
Collector configuration of winlogbeat snippets were not working in graylog Graylog Central (peer support) sidecar , winlogbeat	2	1118	February 23, 2018
Winfilebeat - Collector Config error Graylog Central (peer support) sidecar , nxlog , filebeat-linux , filebeat-windows , winlogbeat , nodatanx , nosendlogfblx	5	2942	March 19, 2019
Winlogbeat snippets Graylog Central (peer support) sidecar , winlogbeat	1	902	August 14, 2017