bornatalebi/filebeats logs

## filebeats logs
-- Logs begin at Mon 2020-09-07 08:31:42 +0430, end at Wed 2020-09-09 12:37:05 +0430. --
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.270+0430        ERROR        [publisher_pipeline_output]        pipeline/output.go:181        failed to publish events: temporary bulk send failure
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.270+0430        INFO        [publisher_pipeline_output]        pipeline/output.go:144        Connecting to backoff(elasticsearch(https://node-1:9200))
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.270+0430        INFO        [publisher]        pipeline/retry.go:221        retryer: send unwait signal to consumer
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.270+0430        INFO        [publisher]        pipeline/retry.go:225          done
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.271+0430        INFO        [esclientleg]        eslegclient/connection.go:306        Attempting to connect to Elasticsearch version 7.8.0
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.273+0430        INFO        [license]        licenser/es_callback.go:51        Elasticsearch license: Basic
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.296+0430        INFO        [index-management]        idxmgmt/std.go:259        Auto ILM enable success.
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.297+0430        INFO        [index-management.ilm]        ilm/std.go:139        do not generate ilm policy: exists=true, overwrite=false
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.297+0430        INFO        [index-management]        idxmgmt/std.go:272        ILM policy successfully loaded.
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.297+0430        INFO        [index-management]        idxmgmt/std.go:405        Set setup.template.name to '{filebeat-7.8.0 {now/d}-000001}' as ILM is enabled.
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.297+0430        INFO        [index-management]        idxmgmt/std.go:410        Set setup.template.pattern to 'filebeat-7.8.0-*' as ILM is enabled.
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.297+0430        INFO        [index-management]        idxmgmt/std.go:444        Set settings.index.lifecycle.rollover_alias in template to {filebeat-7.8.0 {now/d}-000001} as ILM is enabled.
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.297+0430        INFO        [index-management]        idxmgmt/std.go:448        Set settings.index.lifecycle.name in template to {filebeat {"policy":{"phases":{"hot":{"actions":{"rollover":{"max_age":"30d","max_size":"50gb"}}}}}}} as ILM is enabled.
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.299+0430        INFO        template/load.go:89        Template filebeat-7.8.0 already exists and will not be overwritten.
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.299+0430        INFO        [index-management]        idxmgmt/std.go:296        Loaded index template.
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.301+0430        INFO        [index-management]        idxmgmt/std.go:307        Write alias successfully generated.
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.392+0430        INFO        [publisher_pipeline_output]        pipeline/output.go:152        Connection to backoff(elasticsearch(https://node-1:9200)) established
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.396+0430        INFO        [publisher]        pipeline/retry.go:221        retryer: send unwait signal to consumer
Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.396+0430        INFO        [publisher]        pipeline/retry.go:225          done
Sep 09 04:13:02 TestSIEM filebeat[26565]: 2020-09-09T04:13:02.186+0430        ERROR        [publisher_pipeline_output]        pipeline/output.go:181        failed to publish events: temporary bulk send failure
Sep 09 04:13:02 TestSIEM filebeat[26565]: 2020-09-09T04:13:02.186+0430        INFO        [publisher_pipeline_output]        pipeline/output.go:144        Connecting to backoff(elasticsearch(https://node-1:9200))
Sep 09 04:13:02 TestSIEM filebeat[26565]: 2020-09-09T04:13:02.187+0430        INFO        [publisher]        pipeline/retry.go:221        retryer: send unwait signal to consumer
Sep 09 04:13:02 TestSIEM filebeat[26565]: 2020-09-09T04:13:02.187+0430        INFO        [publisher]        pipeline/retry.go:225          done
Sep 09 04:13:02 TestSIEM filebeat[26565]: 2020-09-09T04:13:02.188+0430        INFO        [esclientleg]        eslegclient/connection.go:306        Attempting to connect to Elasticsearch version 7.8.0
	-- Logs begin at Mon 2020-09-07 08:31:42 +0430, end at Wed 2020-09-09 12:37:05 +0430. --
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.270+0430 ERROR [publisher_pipeline_output] pipeline/output.go:181 failed to publish events: temporary bulk send failure
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.270+0430 INFO [publisher_pipeline_output] pipeline/output.go:144 Connecting to backoff(elasticsearch(https://node-1:9200))
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.270+0430 INFO [publisher] pipeline/retry.go:221 retryer: send unwait signal to consumer
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.270+0430 INFO [publisher] pipeline/retry.go:225 done
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.271+0430 INFO [esclientleg] eslegclient/connection.go:306 Attempting to connect to Elasticsearch version 7.8.0
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.273+0430 INFO [license] licenser/es_callback.go:51 Elasticsearch license: Basic
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.296+0430 INFO [index-management] idxmgmt/std.go:259 Auto ILM enable success.
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.297+0430 INFO [index-management.ilm] ilm/std.go:139 do not generate ilm policy: exists=true, overwrite=false
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.297+0430 INFO [index-management] idxmgmt/std.go:272 ILM policy successfully loaded.
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.297+0430 INFO [index-management] idxmgmt/std.go:405 Set setup.template.name to '{filebeat-7.8.0 {now/d}-000001}' as ILM is enabled.
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.297+0430 INFO [index-management] idxmgmt/std.go:410 Set setup.template.pattern to 'filebeat-7.8.0-*' as ILM is enabled.
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.297+0430 INFO [index-management] idxmgmt/std.go:444 Set settings.index.lifecycle.rollover_alias in template to {filebeat-7.8.0 {now/d}-000001} as ILM is enabled.
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.297+0430 INFO [index-management] idxmgmt/std.go:448 Set settings.index.lifecycle.name in template to {filebeat {"policy":{"phases":{"hot":{"actions":{"rollover":{"max_age":"30d","max_size":"50gb"}}}}}}} as ILM is enabled.
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.299+0430 INFO template/load.go:89 Template filebeat-7.8.0 already exists and will not be overwritten.
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.299+0430 INFO [index-management] idxmgmt/std.go:296 Loaded index template.
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.301+0430 INFO [index-management] idxmgmt/std.go:307 Write alias successfully generated.
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.392+0430 INFO [publisher_pipeline_output] pipeline/output.go:152 Connection to backoff(elasticsearch(https://node-1:9200)) established
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.396+0430 INFO [publisher] pipeline/retry.go:221 retryer: send unwait signal to consumer
	Sep 09 04:13:00 TestSIEM filebeat[26565]: 2020-09-09T04:13:00.396+0430 INFO [publisher] pipeline/retry.go:225 done
	Sep 09 04:13:02 TestSIEM filebeat[26565]: 2020-09-09T04:13:02.186+0430 ERROR [publisher_pipeline_output] pipeline/output.go:181 failed to publish events: temporary bulk send failure
	Sep 09 04:13:02 TestSIEM filebeat[26565]: 2020-09-09T04:13:02.186+0430 INFO [publisher_pipeline_output] pipeline/output.go:144 Connecting to backoff(elasticsearch(https://node-1:9200))
	Sep 09 04:13:02 TestSIEM filebeat[26565]: 2020-09-09T04:13:02.187+0430 INFO [publisher] pipeline/retry.go:221 retryer: send unwait signal to consumer
	Sep 09 04:13:02 TestSIEM filebeat[26565]: 2020-09-09T04:13:02.187+0430 INFO [publisher] pipeline/retry.go:225 done
	Sep 09 04:13:02 TestSIEM filebeat[26565]: 2020-09-09T04:13:02.188+0430 INFO [esclientleg] eslegclient/connection.go:306 Attempting to connect to Elasticsearch version 7.8.0