filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/filebeat.service.d
└─startup-timeout.conf
Active: active (exiting) since thu 2024-09-19 14:01:21 IST; 172ms ago
Docs: Filebeat: Lightweight Log Analysis & Elasticsearch | Elastic
Main PID: 280411 (filebeat)
Tasks: 1 (limit: 9329)
while testing the configuration, the output is 'config OK' , how can i resolve this issue?
You will need to check the filebeat logs and look for the ERRORs
What version are you on?
Did you check
journalctl -u filebeat.service
command: journalctl -u filebeat.service
Sep 16 11:00:56 webminsquid systemd[1]: Started Filebeat sends log files to Logstash or directly to Elasticsearch..
Sep 16 11:00:56 webminsquid filebeat[439893]: Exiting: error initializing publisher: missing required field accessing 'output.logstash.hosts'
Sep 16 11:00:56 webminsquid systemd[1]: filebeat.service: Main process exited, code=exited, status=1/FAILURE
after trying this also it is coming like this
Go to filebeat.yml and set:
output.logstash:
hosts: ["localhost:5044"]
Might be not set or indent YAML structure is not OK.
Not sure do you need to send data to ES, you cannot have it both active in yml:
output.elasticsearch:
hosts: ["localhost:9200"]
username: "user"
password: "pass"
#protocol: "https"