ERROR instance/beat.go:1027 Exiting: 1 error: error loading config file: invalid config: yaml: line 85: did not find expected key Exiting: 1 error: error loading config file: invalid config: yaml: line 85: did not find expected key

Rios · June 11, 2023, 7:27am

So, at the end, did logs send and arrived to ES?

yash2 · June 12, 2023, 3:59am

No it did not sir.

Rios · June 19, 2023, 1:25pm

Completely miss this topic. Sorry.
Do next:

Stop your Filebeat service if is running: systemctl status filebeat
All Filebeat processes should be stopped, use ps aux to check
Download https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.17.10-linux-x86_64.tar.gz or the latest, and extact somewhere, home or opt directory
Copy [Stephen config] + add logger, or just copy this as filebeat.yml (rename old) in the directory where is filebeat extracted, and pay attention on spaces at the begging of line

filebeat.inputs:
- type: filestream
  id: my-filestream-id
  enabled: true
  paths:
    - /var/log/*.log

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 1
 
setup.kibana:
  host: "localhost:5601"

#output.elasticsearch:
#  hosts: ["localhost:9200"]

output.console:
  pretty: true

logging.level: debug
logging.to_files: true
logging.files:
  path: ./logs
  name: filebeat.log
  keepfiles: 10
  permissions: 0644

Test config filebeat.yml in the extracted directory: ./filebeat.exe test config
Run it: ./filebeat.exe -e
You should see what's happening on the screen. You can delete the data/registry/filebeat/log.json file which keeps tracking and run it again without -e (Log to stderr and disable syslog/file output) to see only result
If everything is working, change output in filebeat.yml to elasticsearch.

yash2 · June 19, 2023, 2:25pm

Hey, I have already tried all of this, filebeat, the configuration test, specifically, ./filebeat.exe -e, went through successfully, but filebeat is never outputting any logs to the dashboard, and instead been using logstash to send the logs to Elasticsearch, still, nothing works on that end, while enabling the Elasticsearch module from filebeat.

Rios · June 19, 2023, 2:29pm

To see data in the dashboard, you have to import Kibana dashboard (filebeat setup -e) and configure module i.e. path to logs, port,...
Again it depend which FB module are you using and is that device/log/stream supported.

yash2 · June 19, 2023, 4:37pm

I have done all of that

yash2 · June 26, 2023, 7:54pm

We can close this.

stephenb · June 26, 2023, 8:02pm

@yash2 Did you find the solution?

If so can you please post so that anyone else that has the same issues might benefit?

Even if it is minor it help, or help us that answer so we might ask better questions next time.

Thanks

system · July 24, 2023, 10:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.