Filebeat sidecar needs to be restarted on Windows reboot

I have Filebeat sidecar configured in Graylog pulling logs from a Windows host and while everything is configured properly, I noticed that once my Windows machine reboots, the sidecar filebeat configuration needs to be restarted (even though it still shows healthy/running) in order for the messages to show in Graylog. As soon as I restart the configuration, I can see all of the messages coming in.

# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

output.logstash:
   hosts: ["192.168.139.11:5044"]
path:
  data: C:\Program Files\Graylog\sidecar\cache\filebeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
tags:
 - veeam
#filebeat.inputs:
#  type: log
#  enabled: true
#  paths:
#    - C:\logs\log.log
filebeat:
  inputs:
    - type: log
      enabled: true
      paths: 
        - C:\logs\log.log      
        - C:\ProgramData\Veeam\Backup\home\Job.home.Backup.log

Any help would be greatly appreciated.

So the Graylog Sidecar Windows Services are running, but you need to go to Collectors Administration, select the winlogbeat of the affected server and restart the process? (just being clear of what your current process is)

Check in the logs area for the sidecar, they are very descriptive about what is going on and what is not You have them set to “logs: C:\Program Files\Graylog\sidecar\logs”

If you don’t find helpful details you can post relevant parts of the logs so readers could try and spot issues.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.