Filebeat does not send logs

jonathanhher · March 1, 2019, 8:58pm

good day, everyone, thank you in advance for the collaboration.

I have installed a filebeat agent on a Linux Debian server and it does not send data through the network.

I have verified the configuration and did not identify any problem:

Version
filebeat-6.6.1

configuration
- type: log
- /var/log/.log
output.elasticsearch:
hosts: ["IP:9200"]
logging.level: info
logging.selectors: [""]

The Filebeat logs are:

2019-03-01T15:47:13.569-0500    INFO    [monitoring]    log/log.go:153  Uptime: 5m59.711455611s
2019-03-01T15:47:13.569-0500    INFO    [monitoring]    log/log.go:130  Stopping metrics logging.
2019-03-01T15:47:13.569-0500    INFO    instance/beat.go:413    filebeat stopped.
tail: '/var/log/filebeat/filebeat' has become inaccessible: No such file or directory
tail: '/var/log/filebeat/filebeat' has appeared;  following new file
2019-03-01T15:47:13.606-0500    INFO    instance/beat.go:616    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2019-03-01T15:47:13.607-0500    INFO    instance/beat.go:623    Beat UUID: 6f8b4eeb-8bac-4e6f-94d6-6627247804fb
2019-03-01T15:47:13.610-0500    INFO    [seccomp]       seccomp/seccomp.go:116  Syscall filter successfully installed
2019-03-01T15:47:13.610-0500    INFO    [beat]  instance/beat.go:936    Beat info       {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "6f8b4eeb-8bac-4e6f-94d6-6627247804fb"}}}
2019-03-01T15:47:13.610-0500    INFO    [beat]  instance/beat.go:945    Build info      {"system_info": {"build": {"commit": "928f5e3f35fe28c1bd73513ff1cc89406eb212a6", "libbeat": "6.6.1", "time": "2019-02-13T16:12:26.000Z", "version": "6.6.1"}}}
2019-03-01T15:47:13.610-0500    INFO    [beat]  instance/beat.go:948    Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":2,"version":"go1.10.8"}}}
2019-03-01T15:47:13.611-0500    INFO    [beat]  instance/beat.go:952    Host info       {"system_info": {"host": {"architecture":"x86_64","boot_time":"2018-09-03T17:32:42-05:00","containerized":false,"name":"SERVER","ip":["127.0.0.1/8","::1/128","IP/27","fe80::20c:29ff:fe14:36f5/64"],"kernel_version":"4.15.0-33-generic","mac":["00:0c:29:14:36:f5"],"os":{"family":"debian","platform":"ubuntu","name":"Ubuntu","version":"18.04.1 LTS (Bionic Beaver)","major":18,"minor":4,"patch":1,"codename":"bionic"},"timezone":"-05","timezone_offset_sec":-18000,"id":"f40db32da305468a83528795f015bf7f"}}}
2019-03-01T15:47:13.613-0500    INFO    [beat]  instance/beat.go:981    Process info    {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"ambient":null}, "cwd": "/", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 5720, "ppid": 1, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2019-03-01T15:47:13.110-0500"}}}
2019-03-01T15:47:13.613-0500    INFO    instance/beat.go:281    Setup Beat: filebeat; Version: 6.6.1
2019-03-01T15:47:16.615-0500    INFO    add_cloud_metadata/add_cloud_metadata.go:319    add_cloud_metadata: hosting provider type not detected.
2019-03-01T15:47:16.616-0500    INFO    elasticsearch/client.go:165     Elasticsearch url: http://IP:9200
2019-03-01T15:47:16.616-0500    INFO    [publisher]     pipeline/module.go:110  Beat name: SERVER
2019-03-01T15:47:16.617-0500    INFO    [monitoring]    log/log.go:117  Starting metrics logging every 30s
2019-03-01T15:47:16.617-0500    INFO    instance/beat.go:403    filebeat start running.
2019-03-01T15:47:16.618-0500    INFO    registrar/registrar.go:134      Loading registrar data from /var/lib/filebeat/registry
2019-03-01T15:47:16.618-0500    INFO    registrar/registrar.go:141      States Loaded from registrar: 0
2019-03-01T15:47:16.618-0500    INFO    crawler/crawler.go:72   Loading Inputs: 1
2019-03-01T15:47:16.618-0500    INFO    crawler/crawler.go:106  Loading and starting Inputs completed. Enabled inputs: 0
2019-03-01T15:47:16.618-0500    INFO    cfgfile/reload.go:150   Config reloader started
2019-03-01T15:47:16.619-0500    INFO    cfgfile/reload.go:205   Loading of config files completed.
2019-03-01T15:47:46.619-0500    INFO    [monitoring]    log/log.go:144  Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":10,"time":{"ms":12}},"total":{"ticks":20,"time":{"ms":28},"value":0},"user":{"ticks":10,"time":{"ms":16}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":6},"info":{"ephemeral_id":"4e8e11e0-d077-47f2-abaa-81f842928fc1","uptime":{"ms":33027}},"memstats":

I have made network captures and do not see any request for sending, but from what I see the agent if you see data.

pierhugues · March 6, 2019, 4:23pm

2019-03-01T15:47:16.618-0500    INFO    crawler/crawler.go:106  Loading and starting Inputs completed. Enabled inputs: 0

Looking at the above you need to enable at least one inputs:

- type: log
  enabled: true
  paths: 
    - /var/log/ *.log*

system · April 3, 2019, 4:23pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat doesn't send logs to elasticsearch Beats filebeat	3	340	June 21, 2022
Filebeat not able to send logs to Elastic Beats filebeat	6	2732	May 28, 2019
Filebeat doesn't send logs to logstash in client server architecture Beats filebeat	11	7220	July 5, 2017
Filebeat 7.17 is not logging to files under Ubuntu Beats filebeat	7	512	October 3, 2022
Filebeat is not Seeing Log Traffic on Server Beats filebeat	5	579	April 23, 2021

Filebeat does not send logs

Related Topics