mpfz0r
commented
1 year ago should be fixed with 4.3.10 https://github.com/Graylog2/graylog2-server/pull/13897 which we will release next week
Closed theherodied closed 1 year ago
mpfz0r
commented
1 year ago should be fixed with 4.3.10 https://github.com/Graylog2/graylog2-server/pull/13897 which we will release next week
theherodied
commented
1 year ago Thanks!
Problem description
Collector Sidecar 1.2.0 with Filebeat 8.5.2 shows "source" in Graylog as "unkown". Collector Sidecar 1.2.0 with Filebeat 7.17.7 shows "source" correctly with machinename@company.com.
Steps to reproduce the problem
Current machine is Linux Mint Ubuntu based. Install Collector Sidecar per directions at https://docs.graylog.org/docs/sidecar
wget https://packages.graylog2.org/repo/packages/graylog-sidecar-repository_1-2_all.deb sudo dpkg -i graylog-sidecar-repository_1-2_all.deb sudo apt-get update && sudo apt-get install graylog-sidecar
Install Filebeat per directions from Graylog pointing to https://www.elastic.co/downloads/beats/filebeat wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - sudo apt-get install apt-transport-https echo "deb https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-8.x.list sudo apt-get update && sudo apt-get install filebeat
Purge Filebeat package and manually install 7.17.7 and it resolves the problem.
Environment
Filebeat config for Sidecar:
Needed for Graylog
fields_under_root: true fields.collector_node_id: ${sidecar.nodeName} fields.gl2_source_collector: ${sidecar.nodeId}
filebeat.inputs: