Windows Filebeat default configuration is missing

[BitDesert]

Problem description

After the upgrade to Graylog 3.0.0 and Collector 1.0.0 the Filebeat log collector configuration is missing in the default configuration. The filebeat.exe is located at "C:\Program Files\Graylog\collector-sidecar\filebeat.exe" but a default configuration is missing.

Steps to reproduce the problem

1. Update Graylog to 3.0.0
2. Check the Log collectors at /system/sidecars/configuration , only filebeat (Linux), nxlog (Linux), nxlog (Windows) and winlogbeat (Windows) are available.

Environment

• Sidecar Version: 1.0.0
• Graylog Version: 3.0.0
• Operating System: Ubuntu 16.04
• Elasticsearch Version: 6.6.1
• MongoDB Version: 2.6.10

[mpfz0r]

That's correct,
is there a brave soul that would provide us a meaningful default configuration we could include?

In the meantime, looking at the winlogbeat default and the linux filebeat default configuration
should get you started.

[BitDesert]

I've build the following config based on the other existing ones:

# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

filebeat:
  prospectors:
  - encoding: plain
    ignore_older: 0
    paths:
    - C:\logs\log.log
    scan_frequency: 10s
    tail_files: true
    type: log
output:
  logstash:
    hosts:
    - 192.168.1.1:5044
path:
  data: C:\Program Files\Graylog\sidecar\cache\filebeat\data
  logs: C:\Program Files\Graylog\sidecar\logs
tags:
- windows

[jalogisch]

For Filebeat 7.x the above would be:

# Needed for Graylog
fields_under_root: true
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

filebeat:
	inputs:
		type: log
		enable: true
		paths:
		- C:\logs\log.log

output:
	logstash:
		hosts:
		- 192.168.1.1:5044

path:
	data: C:\Program Files\Graylog\sidecar\cache\filebeat\data
	logs: C:\Program Files\Graylog\sidecar\logs