
How to stop sending var/log/syslog from filebeat to logstash


Below is my filebeat.yml file, where it should send logs only from the below mentioned /home/ubuntu/logs/test-app/path.log path. But it is sending all the logs, including the /var/log/syslog and /var/log/auth.log folders. Please give me clarification on how to avoid sending system logs.

filebeat.yml

filebeat.inputs:
  - type: syslog
    enabled: false
  # The only input that should ship logs
  - type: log
    enabled: true
    paths:
      - /home/ubuntu/logs/test-app/path.log

logging:
  level: info
  to_files: true
  to_syslog: false

# Loads every module file matching this glob
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

output.logstash:
  hosts: ["ip:5044"]

Solution

  • Check if you are enabling the system module:

    filebeat modules list | head

    cat /etc/filebeat/modules.d/system.yml

    And use the filestream input instead of logs, as the latter will be deprecated:

    https://www.elastic.co/guide/en/beats/filebeat/8.2/filebeat-input-filestream.html
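
The check suggested in the answer can be scripted. The following is an added example, not part of the original answer or of Filebeat itself: it lists the module filesets that the `modules.d/*.yml` glob from the question's config would load. The function names and the sample directory are constructed for illustration, and it assumes module files use the usual `- module:` / fileset / `enabled:` layout.

```shell
#!/bin/sh
# List module filesets that Filebeat would load from a modules.d directory.
# Assumption: module files use the layout "- module: NAME", followed by
# two-space-indented filesets that each carry an "enabled: ..." key.
# Files named *.yml.disabled are not matched by the "*.yml" glob in
# filebeat.config.modules, so they are skipped here as well.
enabled_filesets() {
    dir=$1
    for f in "$dir"/*.yml; do
        [ -f "$f" ] || continue   # glob matched nothing
        awk '
            /^[ \t]*#/   { next }                             # skip comments
            /^- module:/ { module = $3; fileset = ""; next }
            /^  [A-Za-z_]+:[ \t]*$/ {                         # fileset header
                fileset = $1; sub(/:$/, "", fileset); next
            }
            /^    enabled:[ \t]*true/ && fileset != "" {
                print module "/" fileset
            }
        ' "$f"
    done
}

# Constructed sample directory (not taken from the page).
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/system.yml" <<'EOF'
- module: system
  # Syslog
  syslog:
    enabled: true
    var.paths: ["/var/log/syslog*"]
  auth:
    enabled: true
EOF
    cat > "$tmp/nginx.yml.disabled" <<'EOF'
- module: nginx
  access:
    enabled: true
EOF
    enabled_filesets "$tmp"
    rm -rf "$tmp"
}

demo
```

On a host, point the function at the directory from the answer: `enabled_filesets /etc/filebeat/modules.d`. Any `system/...` line in the output means system logs are being shipped regardless of what `filebeat.inputs` lists.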