3. What steps have you already taken to try and solve the problem?
I thought maybe filebeat service is taking exclısive rights to the log files so other applıcations are not able to write to, but that does not hold much water as surely the developers must have thought of this, so I am actually at complete loss, all info I can get from the log writing program is:
2022-10-14 15:03:59.5822 Warn FileTarget(Name=fileLog): Failed to archive file âc:\temp\client-logs\2022-10-14.txtâ. Exception: System.IO.IOException: The process cannot access the file because it is being used by another process.
as far as I can tell, no processes are accessing the file other than filebeat.
4. How can the community help?
What I would like to know,
is this a common thing?
are there any obvious solutions?
can I control filebeat file access rights?
since it was packaged by Graylog, is this the right place to ask or is it an Elasticsearch matter?
When you post code/logs, use the </> tool for preformatted test to make sure your test is readable and it doesnât remove pieces. you can edit the post, highlight the config and use the `</> tool in the tool bar.
I noticed with your error it says âFailed to archive fileâ which says to me that something is trying to move it. What is the application trying to move it? My first guess woudl be the issue is with that application rather than filebeat since there are a lot of people who use filebeatâŠ
Itâs a remote server that I have limited troubleshooting capabilities to, so youâre saying this is not a common occurrence, and filebeat is not to blame, but is it possible to select file access mode say to be read only and also limit access to certain time periods?
I have just received word from the server admin saying he found other reasons why file access is impaired, so yeah filebeat is not to blame, however it would be nice if I can have greater control over file access rights and access frequency, I found some config controls but Iâm not sure how to use them with Sidecarâs own filebeat implementation.
The filebeat commands you want would be put into the Graylog Sidecar Configuration you are applying to that machine - If you posted your configuration and the command you want, I can probably help with where to place it ⊠if the online docs arenât making sense. For file access rights, thatâs between you and the server admin.
I took care of this for you⊠âŠso I could read the post and make sure there werenât missing information or spacing⊠yml files are very finnicky about stuff like that.
My guess is it would look like this⊠You will have to test it to be sure.
# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
output.logstash:
hosts: ["10.0.0.89:12526"]
path:
data: C:\Program Files\Graylog\sidecar\cache\filebeat\data
logs: C:\Program Files\Graylog\sidecar\logs
tags:
- weblogfiles
filebeat:
inputs:
- type: filestream
id: api_client
enabled: true
###################
# Default is 10 seconds as below. less than 1s is not recommended.
scan_frequency: 10s
###################
paths:
- C:\temp\api-logs\*.txt
- C:\temp\client-logs\*.txt
- C:\temp\pdks-logs\*.txt
Sorry I didnât think to fix it like you did, youâre awesome man, now I can apply any setting like that, I didnât know It goes here, if only the documentation were more clear about it, thank you very much.
âŠso I could read the post and make sure there werenât missing information or spacing⊠yml files are very finnicky about stuff like that.