Hello everyone,
I am unable to start the filebeat service and am getting the error below:
filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Fri 2022-02-18 16:46:50 EST; 1s ago
Docs: https://www.elastic.co/beats/filebeat
Process: 61386 ExecStart=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS (code=exited, status=1/FAILURE)
Main PID: 61386 (code=exited, status=1/FAILURE)
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: Unit filebeat.service entered failed state.
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: filebeat.service failed.
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: filebeat.service holdoff time over, scheduling restart.
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: start request repeated too quickly for filebeat.service
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: Unit filebeat.service entered failed state.
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: filebeat.service failed.
I have set up only the Elasticsearch output and disabled logstash.output. Here is the filebeat.yml:
filebeat.inputs:
- type: log
  enabled: True
  paths:
    - /datavg/elk/filebeatinput/*.json

###elasticsearch output #######
output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]
  hosts: ["http://XX.XXX.XXX.XX:9200"]
  username: "XXXX"
  password: "XXXX"
  index: "broncos"
setup.template.name: "broncos"
setup.template.pattern: "broncos"

#### logstash host is disabled/commented#####
output.logstash:
  # The Logstash hosts
  #hosts: ["XX.XXX.XXX.XX:5044"]
Why am I still getting the above error and unable to run filebeat?