In reference to:
It looks like the MSI installers now support passing INSTALLDIR...but it looks like the beats don't handle quoting properly and cause services to fail to start.
Just tried to install Auditbeat, Metricbeat, and Winlogbeat 8.13.1 and all the services fail to start.
Copying the start string from the services throws errors showing quotes in the wrong spots.
Removing the quotes allows the beats to start up properly.
I should note that his issue might occur in other beat versions. We're upgrading from 8.11.1 to 8.13.1.
Confirmed that removing the quotes from:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlogbeat\ImagePath
Allows the services to start up properly. This won't help people who have installed to paths containing spaces (i.e. "c:\Program Files")
Can you please share what you passed to InstallDir? Preferably the full msiexec command?
msiexec /i https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-8.13.1-windows-x86_64.msi INSTALLDIR=c:\beats\winlogbeat\ /qn /norestart
I tried quoting it as well (INSTALLDIR="c:\beats\winlogbeat") and still ran into problems.
Thanks for reporting this, we'll work on a fix shortly.
If you have the ability to run a command after the install you can workaround this issue by running sc to modify the binpath:
sc config winlogbeat binpath= "\"C:\Program Files\Elastic\Beats\8.13.2\winlogbeat\winlogbeat.exe\" --path.home \"C:\Program Files\Elastic\Beats\8.13.2\winlogbeat\" --path.config \"C:\Program Files\Elastic\Beats\8.13.2\winlogbeat\" --path.data \"C:\Program Files\Elastic\Beats\8.13.2\winlogbeat\data\" --path.logs \"C:\Program Files\Elastic\Beats\8.13.2\winlogbeat\logs\" -E logging.files.redirect_stderr=true"
Changing the paths to match your custom path
You can follow the fix here: Remove trailing slash and store data and logs in subfolders by strawgate · Pull Request #264 · elastic/elastic-stack-installers · GitHub
No worries--we use saltstack for deployment. We already pushed out updated registry keys as a work-around.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.