I saw that we finally have reporting on failed winlogbeats and sidecars. I read up on the thread here but it’s not all too clear how to activate this in a 5.2 that’s been upgraded over the years from 3.x or if it was from 4.x.
I tried to manually fail one of our winlogbeats but I do not get an error in the ‘all system events stream’. I’m probably missing something silly here. Has anyone gotten that one to work properly and maybe even configured email alerts based on a failed sidecar?
When I read here it sounds like the default behavior would be to report on these errors. Since I don’t have that line, and with that no excluded types in my config, I’d assume I would see failed sidecars in the ‘all system events’ stream…?
# Comma-separated list of notification types which should not emit a system event.
# Default: SIDECAR_STATUS_UNKNOWN which would create a new event whenever the status of a sidecar becomes "Unknown"
#system_event_excluded_types = SIDECAR_STATUS_UNKNOWN