Windows sidecar filebeat 'exiting: no modules or inputs enabled'

tmacgbay · November 13, 2019, 4:54pm

oooh … here is another thing I missed… You also need a dash in front of type:

filebeat:
  inputs:
    - type: log
      enabled: true

Fingers crossed that’s it! Below is a working filebeat I use for watching Owa… hopefully it will help too:

# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}
output.logstash:
   hosts: 
   - ${user.BeatsInput}
   ssl:
   verification_mode: none
path:
  data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
tags:
 - windows, exchange, filebeat, OWA, e-mail
filebeat:
  inputs:
    - type: log
      enabled: true
      # find owa logon and logoff but not when the HealthMailbox does it.
      include_lines: ['auth.owa', 'logoff.owa']
      exclude_lines: ['HealthMailbox','^#']
      paths:
        - C:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Owa\*.LOG

Topic		Replies	Views
Failing collectors-sidecar status without filebeat config on Windows Graylog Central (peer support) sidecar , filebeat-windows , winlogbeat	4	2337	August 29, 2018
Graylog 3, Sidecar (1.0.1) WinLogEvt - No messages Graylog Central (peer support) sidecar , filebeat-windows , winlogbeat	4	1355	May 17, 2019
Sidecar with Filebeat not working with modules Graylog Central (peer support) sidecar , filebeat-linux , nosendlogfblx , failoadcongfigfblx	1	1134	April 28, 2021
Enable Filebeat modules with Graylog Sidecars Graylog Central (peer support) sidecar , filebeat-windows	1	1180	June 25, 2019
Sidecar confusion Graylog Central (peer support) sidecar , nxlog , multi-linenx	2	1739	December 6, 2017

Windows sidecar filebeat 'exiting: no modules or inputs enabled'

Related Topics