Graylog does get files from filebeat

shurale85 · November 9, 2018, 3:39pm

Hi!
I have configured my graylog env on Ubuntu (VM 192.168.161.25) and installed saidecar on my Windows 10 (host). I can send logs to GL via Postman and see them in GL but I can’t manage sidecar to send file to GL.
This is my sidecar settings


server_url: http://192.168.161.25:9000/api 
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
node_id: graylog-collector-sidecar
collector_id: file:C:\Program Files\graylog\collector-sidecar\collector-id
cache_path: C:\Program Files\graylog\collector-sidecar\cache
log_path: C:\Program Files\graylog\collector-sidecar\logs
log_rotation_time: 86400
log_max_age: 604800
tags: [TEST]
backends:
    - name: nxlog
      enabled: false
      binary_path: C:\Program Files (x86)\nxlog\nxlog.exe
      configuration_path: C:\Program Files\graylog\collector-sidecar\generated\nxlog.conf
    - name: winlogbeat
      enabled: false
      binary_path: C:\Program Files\graylog\collector-sidecar\winlogbeat.exe
      configuration_path: C:\Program Files\graylog\collector-sidecar\generated\winlogbeat.yml
    - name: filebeat
      enabled: true
      binary_path: C:\Program Files\graylog\collector-sidecar\filebeat.exe
      configuration_path: C:\Program Files\graylog\collector-sidecar\generated\filebeat.yml

This is filebeat settings


filebeat:
  prospectors:
  - encoding: plain
    exclude_files: []
    fields:
      collector_node_id: graylog-collector-sidecar
      gl2_source_collector: 6d588c09-a0a7-4727-8a3e-551d1e84a607
      type: txt
    ignore_older: 0
    paths:
    - K:\Logs
    scan_frequency: 10s
    tail_files: true
    type: log
output:
  logstash:
    hosts:
    - 192.168.161.25:5044
path:
  data: C:\Program Files\graylog\collector-sidecar\cache\filebeat\data
  logs: C:\Program Files\graylog\collector-sidecar\logs
tags:
- TEST

I put logs into K:\Logs, set Beat input and made configuration via GL UI according to instruction. But no logs appeared in GL.

Also I have an error in filebeat error log like service/service_windows.go:76 Error: The service process could not connect to the service controller when I run it as service. But there is no such error in debug mode.

Please tell me what is wrong ?

jan · November 10, 2018, 8:15am

please edit your posting using proper formatting rules ro make it readable:

https://community.graylog.org/faq

shurale85 · November 13, 2018, 12:12pm

I did some investigation and found out in filebeat log that 0 files were posted. So I did conclusion that something was wrong with the file path. Finally, I figured out that file type also has to present in file path and replaced K:\Logs with K:\Logs*.log That was fix in my case. And make sure your log file ext match with specified log type))

system · November 27, 2018, 12:12pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sending local log from Sidecar and Filebeat to Graylog Graylog Central (peer support) filebeat-linux	4	297	December 5, 2023
Filebean doen't send logs to graylog server Graylog Central (peer support)	7	188	March 16, 2023
How to send logs from Windows Graylog Central (peer support) sidecar , filebeat-windows , winlogbeat	10	5861	November 30, 2017
Windows sidecar filebeat configuration Graylog Central (peer support) sidecar , filebeat-windows , winlogbeat	2	3015	July 23, 2018
Send logs from Windows (Filebeat) to Graylog Graylog Central (peer support) sidecar , filebeat-linux , filebeat-windows , winlogbeat , nosendlogfblx	4	5063	June 28, 2019

Graylog does get files from filebeat

Related Topics