Filebeat as a non-root user

Not sure if you have altered your logs here for security but it seems it is checking for /var/log/mylogfile.

Typically /var/log is owned by root and a non-root user won't be able to create files under /var/log. In my experience filebeat will rotate the logs and create a new filebeat log file with every restart. So you need to make sure that the filebeat user has write permissions to the log directory. Creating a directory /var/log/filebeat and having that directory be owned by filebeat should do the trick if this is the issue.

I run my filebeat with non-root user under RHEL with no issues. I am not using RPM deployment though. The way I accomplish it is by making sure the service start script runs as the non-root user so the start command

ExecStart=/usr/bin/filebeat -c /etc/filebeat/filebeat.yml -d '*'

will get triggered by the non-root user and it all works fine.

Here is the checkuser function of my service start shell script:

RUN_AS="filebeat"
# if this script is not yet running as the right user use su to run it again as the correct user
# This will prevent output files from being created with wrong user ownership
checkuser() {
  # Check to see if we are running as the right user. Else switch, and re-exec
  if test `/usr/bin/id -un` = $RUN_AS; then
    #echo $0 --- Already running as correct user $RUN_AS
    :
  elif test `/usr/bin/id -un` = "root"; then
    echo "$0 --- Running as `/usr/bin/id -un`. Re-exec to run as $RUN_AS"
    exec /bin/su - $RUN_AS -c "$0 $ARGS"
    exit 0
  else
    echo "Only root or $RUN_AS can start $EXECUTABLE"
    exit 1
  fi

}

...

ARGS=$*;
case $1 in 
'start')
    checkuser
    for CONFIG in "${config_list[@]}"; do
        startproc
    done
    ;;

...