Error: control characters are not allowed

Hello,
I am using winlogbeat-1.1.2 on Windows. I got the following error in the yml file of winlogbeat:

2016/05/23 06:57:02.522652 beat.go:157: CRIT Setup returned an error: yaml: control characters are not allowed

My configuration file looks like this:

###############################################################################
############################# Winlogbeat ######################################
winlogbeat:
  # The registry file is where Winlogbeat persists its state so that the beat
  # can resume after shutdown or an outage. The default is .winlogbeat.yml
  # in the directory in which it was started.
  registry_file: C:/ProgramData/winlogbeat/.winlogbeat.yml

  # List of event logs to monitor.
  #
  # Optionally, ignore_older may be specified to filter events that are older
  # then the specified amount of time. If omitted then no filtering will
  # occur. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h"
  event_logs:
    - name: Application
      ignore_older: 72h 
    - name: Security
    - name: System

  # Diagnostic metrics that can retrieved through a web interface if a
  # bindaddress value (host:port) is specified. The web address will be
  # http://<bindaddress>/debug/vars
  #metrics:
  #  bindaddress: 'localhost:8123'

###############################################################################
############################# Libbeat Config ##################################
# Base config file used by all other beats for using libbeat features

############################# Output ##########################################

# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.
output:

  ### Elasticsearch as output
  elasticsearch:
    # Array of hosts to connect to.
    # Scheme and port can be left out and will be set to the default (http and 9200)
    # In case you specify and additional path, the scheme is required: http://localhost:9200/path
    # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
    hosts: ["localhost:9292"]

    # Optional protocol and basic auth credentials.
    #protocol: "https"
    #username: "admin"
    #password: "s3cr3t"

    # Number of workers per Elasticsearch host.
    #worker: 1

    # Optional index name. The default is "winlogbeat" and generates
    # [winlogbeat-]YYYY.MM.DD keys.
    #index: "winlogbeat"

    # Optional HTTP Path
    #path: "/elasticsearch"

    # Proxy server url
    #proxy_url: http://proxy:3128

    # The number of times a particular Elasticsearch index operation is attempted. If
    # the indexing operation doesn't succeed after this many retries, the events are
    # dropped. The default is 3.
    #max_retries: 3

    # The maximum number of events to bulk in a single Elasticsearch bulk API index request.
    # The default is 50.
    #bulk_max_size: 50

    # Configure http request timeout before failing an request to Elasticsearch.
    #timeout: 90

    # The number of seconds to wait for new events between two bulk API index requests.
    # If `bulk_max_size` is reached before this interval expires, addition bulk index
    # requests are made.
    #flush_interval: 1

    # Boolean that sets if the topology is kept in Elasticsearch. The default is
    # false. This option makes sense only for Packetbeat.
    #save_topology: false

    # The time to live in seconds for the topology information that is stored in
    # Elasticsearch. The default is 15 seconds.
    #topology_expire: 15

    # tls configuration. By default is off.
    #tls:
      # List of root certificates for HTTPS server verifications
      #certificate_authorities: ["/etc/pki/root/ca.pem"]

      # Certificate for TLS client authentication
      #certificate: "/etc/pki/client/cert.pem"

      # Client Certificate Key
      #certificate_key: "/etc/pki/client/cert.key"

      # Controls whether the client verifies server certificates and host name.
      # If insecure is set to true, all server host names and certificates will be
      # accepted. In this mode TLS based connections are susceptible to
      # man-in-the-middle attacks. Use only for testing.
      #insecure: true

      # Configure cipher suites to be used for TLS connections
      #cipher_suites: []

      # Configure curve types for ECDHE based cipher suites
      #curve_types: []

      # Configure minimum TLS version allowed for connection to logstash
      #min_version: 1.0

      # Configure maximum TLS version allowed for connection to logstash
      #max_version: 1.2

Any idea??

The YAML parser thinks you have non-printable control characters in your file. Do you perhaps have a Unicode byte-order mark at the beginning of the file? Check with a hex editor.

If it's not the configuration file, then maybe it's the registry file. This thread sounds very similar: Winlogbeat v5 fail to start after upgrade
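The check suggested in the replies above, as an added example that is not part of the original thread: a Python scanner that reports a byte-order mark and every character outside the YAML specification's printable set, with line and column, for a configuration or registry file. The function names and the sample byte strings are constructed for illustration, and the script does not reproduce Winlogbeat's own parser.

```python
import codecs
import sys
from pathlib import Path

# Byte-order marks to look for. UTF-32 comes before UTF-16 because the
# UTF-32 LE mark begins with the same two bytes as the UTF-16 LE mark.
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"), (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"), (codecs.BOM_UTF16_BE, "utf-16-be"),
]

def is_yaml_printable(ch):
    """True if ch is in the YAML specification's printable set (c-printable)."""
    cp = ord(ch)
    return (cp in (0x09, 0x0A, 0x0D, 0x85) or 0x20 <= cp <= 0x7E
            or 0xA0 <= cp <= 0xD7FF or 0xE000 <= cp <= 0xFFFD
            or 0x10000 <= cp <= 0x10FFFF)

def scan_yaml_bytes(data):
    """Return (bom_name_or_None, [(line, column, codepoint), ...])."""
    bom, encoding = None, "utf-8"
    for mark, name in BOMS:
        if data.startswith(mark):
            bom, encoding, data = name, name, data[len(mark):]
            break
    # errors="replace" maps undecodable bytes to U+FFFD, which is printable,
    # so only real control characters end up in the findings.
    text = data.decode(encoding, errors="replace")
    findings, line, col = [], 1, 0
    for ch in text:
        col += 1
        if not is_yaml_printable(ch):
            findings.append((line, col, ord(ch)))
        if ch == "\n":
            line, col = line + 1, 0
    return bom, findings

if __name__ == "__main__":
    # With no file arguments, scan two constructed samples instead.
    inputs = [(p, Path(p).read_bytes()) for p in sys.argv[1:]] or [
        ("sample-bom", codecs.BOM_UTF8 + b"winlogbeat:\n  event_logs:\n"),
        ("sample-nul", b"output:\n  hosts: [\"localhost\x00:9292\"]\n"),
    ]
    for name, data in inputs:
        bom, findings = scan_yaml_bytes(data)
        print(f"{name}: BOM={bom or 'none'}")
        for line, col, cp in findings:
            print(f"  line {line}, column {col}: U+{cp:04X}")
```

A file saved as UTF-16 without a byte-order mark shows up here as a U+0000 finding after every ASCII character, which distinguishes an encoding problem from a single stray control character.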
