Bit of an issue here with all of my deployed sidecars.
Rarely if ever do any of them actually respond to a stop process command, both for the filebeat and winlogbeat services and even the Graylog Sidecar service itself, even when done manually.
Any time I do this I get a “This service cannot accept control messages at this time” error.
Edit: In hindsight, it appears to be a single service that hangs the entire operation.
winlogbeat.event_logs:
  - name: Security
    level: error, warning, critical
  - name: System
    level: error, warning, critical
  - name: Application
    level: error, warning, critical
  - name: Setup
    level: information, error, warning, critical
  - name: Microsoft-Windows-WindowsUpdateClient/Operational
    level: error, warning, critical
  - name: Microsoft-Windows-Firewall-With-Advanced-Security/Firewall
    level: error, warning, critical
queue.mem:
  events: 4096
  flush.min_events: 512
  flush.timeout: 5s
output.logstash:
  hosts: ["192.168.140.9:5044"]
fields:
  config_name: "Windows Events"
fields_under_root: true
path:
  data: ${sidecar.spoolDir!"C:\Program Files\Graylog\sidecar\cache\winlogbeat"}\data\Windowsevents
  logs: ${sidecar.spoolDir!"C:\Program Files\Graylog\sidecar"}\logs\Windowsevents