Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch

Adityadgr8 · February 18, 2022, 9:57pm

Hello Everyone

I am unable to start filebeat service, getting below error:

 filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
   Loaded: loaded (/usr/lib/systemd/system/filebeat.service; disabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Fri 2022-02-18 16:46:50 EST; 1s ago
     Docs: https://www.elastic.co/beats/filebeat
  Process: 61386 ExecStart=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS (code=exited, status=1/FAILURE)
 Main PID: 61386 (code=exited, status=1/FAILURE)

Feb 18 16:46:50 FALINFCDD0006V systemd[1]: Unit filebeat.service entered failed state.
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: filebeat.service failed.
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: filebeat.service holdoff time over, scheduling restart.
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: start request repeated too quickly for filebeat.service
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: Unit filebeat.service entered failed state.
Feb 18 16:46:50 FALINFCDD0006V systemd[1]: filebeat.service failed.

I have setup only Elasticsearch output and disabled logstash.output, here is the filebeat.yml:

filebeat.inputs:

- type: log
  enabled: True
  paths:
    - /datavg/elk/filebeatinput/*.json

###elasticsearch output #######
output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]
  hosts: ["http://XX.XXX.XXX.XX:9200"]
  username: "XXXX"
  password: "XXXX"
  index: "broncos"
  setup.template.name: "broncos"
  setup.template.pattern: "broncos"

#### logstash host is disabled/commented#####
output.logstash:
  # The Logstash hosts
  #hosts: ["XX.XXX.XXX.XX:5044"]

Why I am still getting the above error and unable to run filebeat

leandrojmp · February 18, 2022, 11:26pm

Is the line output.logstash: commented? You need to comment the line as well.

Adityadgr8 · February 19, 2022, 6:26am

all the logstash.output attribute were commented. But as per your suggestion, I have commented it also. But still showing the same error.

leandrojmp · February 19, 2022, 3:31pm

Yes, the output.logstash needs to be commented, not just the attributes.

Since it is a systemd error, you need to check the system logs, it should bem in /var/log/messages for Red Hat/CentOS based systems or /var/log/syslog for Debian/Ubuntu based systems.

Look at the time frame when you tried to start if there is any hint of the issue, you could also try to start it again to get new logs.

system · March 19, 2022, 5:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch Beats filebeat	1	1739	January 19, 2021
Systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch Beats docker , filebeat	2	2131	May 12, 2021
Couldnt start filebeat-Please HELP! Beats filebeat	3	3140	November 13, 2019
Failed to start Filebeat Beats filebeat	2	130	August 29, 2023
Filebeat startup fail Beats filebeat	4	1417	April 22, 2019

Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch

Related topics