Can't start the filebeat for windows

KWLam · March 9, 2018, 8:16am

I am just new to elastic. my elasticsearch is up and kibana is up too.
however, I can't start my Filebeat to load the log into elastic.

I can't start the filebeat services. When I run this C:\Program Files\filebeat>.\filebeat.exe -c filebeat.yml -e
I had the following error at the last line of the log:

ERROR instance/beat.go:667 Exiting: Error in initing prospector: No paths were defined for prospector accessing 'filebeat.prospectors.0' (source:'filebeat.yml') Exiting: Error in initing prospector: No paths were defined for prospector accessing 'filebeat.prospectors.0' (source:'filebeat.yml')

my filebeat.yml just setup as below: very simple
filebeat.prospectors:

type: log
enabled: true
paths:
c:\temp\log*

need your advise.

Christian_Dahlqvist · March 9, 2018, 8:20am

.yml files are sensitive to indentation, so make sure you have followed the examples in the docs closely. It is hard to tell if your config is correct or not as you have not formatted the post correctly.

KWLam · March 9, 2018, 8:24am

my setup as :

type: log
enabled: true
paths:
c:\temp\log*

setup.kibana:
host: "localhost:5601"

output.elasticsearch:
hosts: ["localhost:9200"]

Optional protocol and basic auth credentials.

protocol: "https"

username: "elastic"
password: "elastic"

Christian_Dahlqvist · March 9, 2018, 8:25am

Can you format the config using the </> control in the UI?

KWLam · March 9, 2018, 8:27am

my setup as :

type: log
enabled: true
paths:
c:\temp\log*

setup.kibana:
host: "localhost:5601"

output.elasticsearch:
hosts: ["localhost:9200"]
username: "elastic"
password: "elastic"

Christian_Dahlqvist · March 9, 2018, 8:30am

It is still not correctly formatted, but it looks like you have an issue with indentation. As per the docs it should look something like this:

filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - C:/temp/log*

KWLam · March 9, 2018, 8:32am

sample as : - c:\programdata\elasticsearch\logs*
windows is using "" not "/"

which I use - c:\temp\log*

KWLam · March 9, 2018, 8:34am

same error if I am using -c:/temp/log/*

Christian_Dahlqvist · March 9, 2018, 9:10am

Please post your config with proper formatting or store it in a gist and share the link.

KWLam · March 9, 2018, 9:19am

here is my filebeat.yml config:

/ ###################### Filebeat Configuration Example #########################
/ # This file is an example configuration file highlighting only the most common
/ # options. The filebeat.reference.yml file from the same directory contains all the
/ # supported options with more comments. You can use it as a reference.

/ #=========================== Filebeat prospectors =============================
filebeat.prospectors:
/ # Each - is a prospector. Most options can be set at the prospector level, so
/ # you can use different prospectors for various configurations.
/ # Below are the prospector specific configurations.
- type: log
/ # Change to true to enable this prospector configuration.
enabled: true
/ # Paths that should be crawled and fetched. Glob based paths.
paths:
- c:/temp/log/.log
/ # - /var/log/.log
/ #- c:\programdata\elasticsearch\logs*

/ #============================= Filebeat modules ===============================
filebeat.config.modules:
/ # Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml

/ # Set to true to enable config reloading
reload.enabled: false

/ # Period on which files under path should be checked for changes
/ #reload.period: 10s

/ #==================== Elasticsearch template setting ==========================
setup.template.settings:
index.number_of_shards: 3
/ #index.codec: best_compression
/ #_source.enabled: false

/ #============================== Kibana =====================================
setup.kibana:
/ # Kibana Host
/ # Scheme and port can be left out and will be set to the default (http and 5601)
/ # In case you specify and additional path, the scheme is required: http://localhost:5601/path
/ # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
host: "localhost:5601"

/ #================================ Outputs =====================================
/ # Configure what output to use when sending the data collected by the beat.
/ #-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
/ # Array of hosts to connect to.
hosts: ["localhost:9200"]

/ # Optional protocol and basic auth credentials.
/ # protocol: "https"
username: "elastic"
password: "elastic"

/ #----------------------------- Logstash output --------------------------------

/ #================================ Logging =====================================
/ # Sets log level. The default log level is info.
/ # Available log levels are: error, warning, info, debug
logging.level: debug

/ # At debug level, you can selectively enable logging only for some components.
/ # To enable all selectors use [""]. Examples of other selectors are "beat",
/ # "publish", "service".
/ #logging.selectors: [""]

KWLam · March 9, 2018, 9:21am

2018-03-09T14:21:01.041+0800 INFO instance/beat.go:468 Home path: [C:\Program Files\filebeat] Config path: [C:\Program Files\filebeat] Data path: [C:\Program Files\filebeat\data] Logs path: [C:\Program Files\filebeat\logs]
2018-03-09T14:21:01.295+0800 DEBUG [beat] instance/beat.go:495 Beat metadata path: C:\Program Files\filebeat\data\meta.json
2018-03-09T14:21:01.296+0800 INFO instance/beat.go:475 Beat UUID: dd9885cd-c582-4450-bfa9-41272d5439e0
2018-03-09T14:21:01.296+0800 INFO instance/beat.go:213 Setup Beat: filebeat; Version: 6.2.2
2018-03-09T14:21:01.296+0800 DEBUG [beat] instance/beat.go:230 Initializing output plugins
2018-03-09T14:21:01.296+0800 DEBUG [processors] processors/processor.go:49 Processors:
2018-03-09T14:21:01.296+0800 INFO elasticsearch/client.go:145 Elasticsearch url: http://localhost:9200
2018-03-09T14:21:01.298+0800 INFO pipeline/module.go:76 Beat name: FAPLSG10010453
2018-03-09T14:21:01.300+0800 INFO elasticsearch/client.go:145 Elasticsearch url: http://localhost:9200
2018-03-09T14:21:01.300+0800 INFO instance/beat.go:301 filebeat start running.
2018-03-09T14:21:01.300+0800 INFO [monitoring] log/log.go:97 Starting metrics logging every 30s
2018-03-09T14:21:01.300+0800 INFO elasticsearch/elasticsearch.go:154 Start monitoring endpoint init loop.
2018-03-09T14:21:01.300+0800 DEBUG [monitoring] elasticsearch/client.go:42 Monitoring client: connect.
2018-03-09T14:21:01.300+0800 DEBUG [elasticsearch] elasticsearch/client.go:708 GET http://localhost:9200/_xpack?filter_path=features.monitoring.enabled
2018-03-09T14:21:01.300+0800 DEBUG [service] service/service_windows.go:51 Windows is interactive: true
2018-03-09T14:21:01.301+0800 DEBUG [registrar] registrar/registrar.go:88 Registry file set to: C:\Program Files\filebeat\data\registry
2018-03-09T14:21:01.303+0800 INFO registrar/registrar.go:108 Loading registrar data from C:\Program Files\filebeat\data\registry
2018-03-09T14:21:01.303+0800 INFO registrar/registrar.go:119 States Loaded from registrar: 0
2018-03-09T14:21:01.303+0800 INFO crawler/crawler.go:48 Loading Prospectors: 1
2018-03-09T14:21:01.303+0800 DEBUG [registrar] registrar/registrar.go:150 Starting Registrar
2018-03-09T14:21:01.304+0800 DEBUG [processors] processors/processor.go:49 Processors:
2018-03-09T14:21:01.304+0800 INFO crawler/crawler.go:109 Stopping Crawler
2018-03-09T14:21:01.304+0800 INFO crawler/crawler.go:119 Stopping 0 prospectors
2018-03-09T14:21:01.304+0800 INFO crawler/crawler.go:135 Crawler stopped
2018-03-09T14:21:01.304+0800 INFO registrar/registrar.go:210 Stopping Registrar
2018-03-09T14:21:01.304+0800 INFO registrar/registrar.go:165 Ending Registrar
2018-03-09T14:21:01.304+0800 DEBUG [registrar] registrar/registrar.go:228 Write registry file: C:\Program Files\filebeat\data\registry
2018-03-09T14:21:01.318+0800 DEBUG [registrar] registrar/registrar.go:253 Registry file updated. 0 states written.
2018-03-09T14:21:01.318+0800 INFO instance/beat.go:308 filebeat stopped.
2018-03-09T14:21:01.575+0800 INFO [monitoring] log/log.go:132 Total non-zero metrics {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":202,"time":202},"total":{"ticks":311,"time":311,"value":311},"user":{"ticks":109,"time":109}},"info":{"ephemeral_id":"d2c012f5-b23e-44cc-92aa-0732ab49169e","uptime":{"ms":745}},"memstats":{"gc_next":4194304,"memory_alloc":1469736,"memory_total":3100144,"rss":18964480}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"type":"elasticsearch"},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0},"writes":1},"system":{"cpu":{"cores":4}},"xpack":{"monitoring":{"pipeline":{"clients":1}}}}}}
2018-03-09T14:21:01.575+0800 INFO [monitoring] log/log.go:133 Uptime: 745.022ms
2018-03-09T14:21:01.575+0800 INFO [monitoring] log/log.go:110 Stopping metrics logging.
2018-03-09T14:21:01.680+0800 ERROR instance/beat.go:667 Exiting: Error in initing prospector: No paths were defined for prospector accessing 'filebeat.prospectors.0' (source:'filebeat.yml')

Christian_Dahlqvist · March 9, 2018, 9:54am

Check the indentation. As you are not able to format the config correctly when posting, and the issue likely is in the details, I do unfortunately not think I will be able to help any further.

Jeevanantham_A · March 24, 2018, 5:45pm

@Christian_Dahlqvist , am also having the same issue

Logged it in : https://stackoverflow.com/questions/49467828/filebeat-not-starting-in-windows

As you mentioned i have validated the yml format of filebeats.yml files it correct, but still getting error regarding path setup

KWLam · March 26, 2018, 10:41am

Problem fixed thanks.

Somehow the yml file corrupted, unzip the new file in, it work.

system · April 23, 2018, 12:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.