Filebeat Does Not Start

I followed the instructions to install Filebeat to ingest Suricata eve.json data into Elasticsearch. Filebeat fails on start on Ubuntu.

Error Screenshot

The setup created the dashboards and the Elasticsearch filebeat.* index, but no data is coming in, probably because Filebeat is not running. Cannot figure out why.

It is supposed to be pulling data from the eve.json file and putting data into Elasticsearch, but I cannot see how it knows to ingest data from that file.

Hello, thanks for reaching out regarding filebeat. Could you please include the contents of your filebeat.yml configuration file?

