3. What steps have you already taken to try and solve the problem?
I thought maybe filebeat service is taking exclısive rights to the log files so other applıcations are not able to write to, but that does not hold much water as surely the developers must have thought of this, so I am actually at complete loss, all info I can get from the log writing program is:
2022-10-14 15:03:59.5822 Warn FileTarget(Name=fileLog): Failed to archive file ‘c:\temp\client-logs\2022-10-14.txt’. Exception: System.IO.IOException: The process cannot access the file because it is being used by another process.
as far as I can tell, no processes are accessing the file other than filebeat.
4. How can the community help?
What I would like to know,
is this a common thing?
are there any obvious solutions?
can I control filebeat file access rights?
since it was packaged by Graylog, is this the right place to ask or is it an Elasticsearch matter?
When you post code/logs, use the </> tool for preformatted test to make sure your test is readable and it doesn’t remove pieces. you can edit the post, highlight the config and use the `</> tool in the tool bar.
I noticed with your error it says “Failed to archive file” which says to me that something is trying to move it. What is the application trying to move it? My first guess woudl be the issue is with that application rather than filebeat since there are a lot of people who use filebeat…
It’s a remote server that I have limited troubleshooting capabilities to, so you’re saying this is not a common occurrence, and filebeat is not to blame, but is it possible to select file access mode say to be read only and also limit access to certain time periods?
I have just received word from the server admin saying he found other reasons why file access is impaired, so yeah filebeat is not to blame, however it would be nice if I can have greater control over file access rights and access frequency, I found some config controls but I’m not sure how to use them with Sidecar’s own filebeat implementation.
The filebeat commands you want would be put into the Graylog Sidecar Configuration you are applying to that machine - If you posted your configuration and the command you want, I can probably help with where to place it … if the online docs aren’t making sense. For file access rights, that’s between you and the server admin.
Sorry I didn’t think to fix it like you did, you’re awesome man, now I can apply any setting like that, I didn’t know It goes here, if only the documentation were more clear about it, thank you very much.