I am using ELK as separate containers:
$ docker ps
CONTAINER ID   IMAGE           COMMAND                  CREATED             STATUS             PORTS                                            NAMES
3a3b9a484831   logstash        "/docker-entrypoin..."   25 minutes ago      Up 25 minutes      0.0.0.0:5044->5044/tcp                           logstash
7a4829ac080d   kibana          "/docker-entrypoin..."   50 minutes ago      Up 38 minutes      0.0.0.0:5601->5601/tcp                           kibana
6148a8af18e6   elasticsearch   "/docker-entrypoin..."   About an hour ago   Up About an hour   0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp   elasticsearch
Installed Filebeat on a Debian host.
$ sudo cat /etc/filebeat/filebeat.yml | egrep -v '^ *#|^$'
filebeat.prospectors:
- type: log
  enabled: false
  paths:
    - /var/log/syslog
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 3
setup.kibana:
  host: "localhost:5601"
output.elasticsearch:
  hosts: ["localhost:9200"]
output.logstash:
  hosts: ["localhost:5044"]
$ sudo systemctl status filebeat
● filebeat.service - filebeat
   Loaded: loaded (/lib/systemd/system/filebeat.service; disabled)
   Active: failed (Result: start-limit) since Sun 2018-04-08 11:40:56 CEST; 12min ago
     Docs: https://www.elastic.co/guide/en/beats/filebeat/current/index.html
  Process: 30511 ExecStart=/usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat (code=exited, status=1/FAILURE)
 Main PID: 30511 (code=exited, status=1/FAILURE)

Apr 08 11:40:55 gns3-iouvm systemd[1]: Unit filebeat.service entered failed state.
Apr 08 11:40:56 gns3-iouvm systemd[1]: filebeat.service holdoff time over, scheduling restart.
Apr 08 11:40:56 gns3-iouvm systemd[1]: Stopping filebeat...
Apr 08 11:40:56 gns3-iouvm systemd[1]: Starting filebeat...
Apr 08 11:40:56 gns3-iouvm systemd[1]: filebeat.service start request repeated too quickly, refusing to start.
Apr 08 11:40:56 gns3-iouvm systemd[1]: Failed to start filebeat.
Apr 08 11:40:56 gns3-iouvm systemd[1]: Unit filebeat.service entered failed state.