Graylog Sidecar Service cannot be stopped

Bit of an issue here with all of my deployed sidecars.
Rarely if ever do any of them actually respond to a stop process command, both for the filebeat and winlogbeat services and even the Graylog Sidecar service itself, even when done manually.

Any time I do this I get a “This service cannot accept control messages at this time” error.

Edit: In hindsight, it appears to be a single service that hangs the entire operation.

winlogbeat.event_logs:

  • name: Security
    level: error, warning, critical
  • name: System
    level: error, warning, critical
  • name: Application
    level: error, warning, critical
  • name: Setup
    level: information, error, warning, critical
  • name: Microsoft-Windows-WindowsUpdateClient/Operational
    level: error, warning, critical
  • name: Microsoft-Windows-Firewall-With-Advanced-Security/Firewall
    level: error, warning, critical

queue.mem:
events: 4096
flush.min_events: 512
flush.timeout: 5s

output.logstash:
hosts: [“192.168.140.9:5044”]

fields:
config_name: “Windows Events”
fields_under_root: true

path:
data: ${sidecar.spoolDir!“C:\Program Files\Graylog\sidecar\cache\winlogbeat”}\data\Windowsevents
logs: ${sidecar.spoolDir!“C:\Program Files\Graylog\sidecar”}\logs\Windowsevents

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.