Config file: yaml: line 15: could not find expected ':'\n"


Now, this is quite misleading, as first you’d think is about the local sidecar.yml file, but… NO, is about the sidecar config on the server side.:

# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

   hosts: ["log..ZZZZ.:5144"]
   ssl.verification_mode: full
   ssl.certificate_authorities:["C:\Program Files\Graylog\Certs\YYYY.crt"]
    ssl.certificate:["C:\Program Files\Graylog\Certs\"]
    ssl.key:"C:\Program Files\Graylog\Certs\pkcs8-encrypted.pem"

   data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
   logs: C:\Program Files\Graylog\sidecar\logs
 - windows
   - name: Application
   - name: System
   - name: Security

LINE 15 being:


I tried to delete the speces, and extra lines and all…
It does the same.
I am thinking about the wrong indentation maybe for the ‘path:’ meaning…
as this solved the previous 3 other lines, i did the indentation right and then was ok.

Now i tried all kind of set ups for indentation but still… stuck in this


yml files are extremely picky about spaces AND indentation. My first guess is that you need to correct the the indentation with the ssl lines…

1 Like

the error was that i had t double the ''
ssl.certificate_authorities: “C:\Program Files\Graylog\Certs\DigiCertCA.crt”

what tha hell, after this now i get the

dear gods…

going crazy with his :))))

here is a good place to do some comparison on how you have the settings:

your .key ends in .pem - not sure that would work - I am no ssl expert. Make sure to re-post what you currently have… as well as the solution if you find it.

i was tired of sidecar’s sh*it and went for NXlog.

Managed to make it work, over TLS as well.
I can go get drunk now, after 3 weeks of trying to sort out the sidecar way…

hey @adrianrus

I completely understand, YAML files are very, very touchy about indents, spelling along with permissions, etc… to completed that task. TBH Once you have GL sidecar running, its all down hill from there and it comes in handy when you have 500 + devices in a environment.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.