Hi 
I am currently having an issue with filebeat. It is running and can connect to the kafka host although it is not creating /var/log/filebeat nor writing to it. Which I believe is key to then send the beats over to kafka.
I followed https://www.elastic.co/guide/en/beats/filebeat/7.x/running-with-systemd.html
But still no luck
sudo systemctl edit filebeat.service
[Service]
Environment=“BEAT_LOG_OPTS=”
[centos@hostA ~]$ sudo systemctl edit filebeat.service
[centos@hostA ~]$ sudo systemctl daemon-reload
[centos@hostA ~]$ sudo systemctl restart filebeat
No folder created in /var/log
My playbook:
---
- name: Install or update filebeat client
hosts: hostA
gather_facts: yes
tasks:
- name: Retrieve latest beats role
shell: ansible-galaxy install --force -p /elastic-log/ elastic.beats
delegate_to: 127.0.0.1
no_log: false #turn to true after debug
- name: Install filebeat
no_log: false #turn to true after debug
include_role:
name: elastic.beats
vars:
beat: filebeat
beat_conf:
filebeat:
inputs:
- type: log
enabled: true
paths: ['/tmp/hostA/logs/*.log']
scan_frequency: 5s
ignore_older: 5h
fields:
topic: hostA_logs
fields_under_root: true
logging:
files:
keepfiles: 10
name: filebeat.log
path: '/var/log/filebeat/'
rotateeverybytes: 10485760
permissions: 0644
level: debug
to_files: true
output.kafka:
enabled: true
hosts: ["hostB"]
topic: '%{[topic]}'
partition.round_robin:
reachable_only: false
required_acks: 1
output.elasticsearch:
enabled: false
