Filebeat failed to start in PCF

Filebeat is failing to start with the following error.

ERR Exiting: fileset okta/system is configured but doesn't exist

I am attempting to run Filebeat as an application in PCF, with the input being system logs from Okta (using the Okta Filebeat module) and the output being a standard Elasticsearch cluster.

Any suggestions would be appreciated; I would be happy to provide more info as requested.

Perhaps share your manifest.yml.

Did you cf push from the top directory where you untarred the Linux Filebeat tar.gz, the directory that filebeat* is in? All of that needs to be pushed up, not just the executable.

Also, you will need to run ./filebeat setup before you cf push to PCF, assuming you want to load the Okta templates, dashboards, etc.

Here is my sample manifest

applications:
- name: filebeat
  memory: 1G
  instances: 2
  buildpacks:
  - binary_buildpack
  command: ./filebeat -e -c ~/filebeat.yml
  stack: cflinuxfs3
  health-check-type: process
  no-route: true

Run from this directory / location

ceres:sandbox sbrown$ cd filebeat-7.11.2-linux-x86_64
LICENSE.txt             fields.yml              filebeat.yml            manifest.yml
NOTICE.txt              filebeat*               filebeat.yml.org        module/
README.md               filebeat.reference.yml  kibana/                 modules.d/

ceres:sandbox sbrown$ tar -xvf filebeat-7.11.2-linux-x86_64.tar.gz

ceres:sandbox sbrown$ cd filebeat-7.11.2-linux-x86_64

ceres:filebeat-7.11.2-linux-x86_64 sbrown$ ./filebeat setup

ceres:filebeat-7.11.2-linux-x86_64 sbrown$ cf push

If all that works, then you may or may not have connectivity to the Okta endpoint and the Elasticsearch endpoint; I assume you have accounted for that.
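The check the reply above asks about, written as an added example that is not part of the original thread: a pre-push script that confirms the directory handed to cf push holds the whole extracted tarball, including the okta/system fileset named in the error. It assumes a fileset is stored at module/<module>/<fileset>/manifest.yml; check_push_dir is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: pre-push check for a Filebeat directory destined for `cf push`.
# Assumption: a fileset is stored at module/<module>/<fileset>/manifest.yml,
# matching the module/ directory shown in the listing above.

# check_push_dir DIR MODULE FILESET
# Prints one line per missing item and returns the number of missing items,
# so a return status of 0 means the directory looks complete.
check_push_dir() {
    dir=$1
    module=$2
    fileset=$3
    missing=0

    # The binary has to be present and executable for the manifest's command.
    if [ ! -x "$dir/filebeat" ]; then
        echo "missing: filebeat (executable)"
        missing=$((missing + 1))
    fi

    # Files and directories that must travel with the binary:
    # Filebeat config, the cf manifest, module configs, and the fileset itself.
    for item in filebeat.yml manifest.yml modules.d \
                "module/$module/$fileset/manifest.yml"; do
        if [ ! -e "$dir/$item" ]; then
            echo "missing: $item"
            missing=$((missing + 1))
        fi
    done

    return "$missing"
}

# Stand-alone use: sh check.sh <dir> <module> <fileset>
if [ "$#" -eq 3 ]; then
    if check_push_dir "$1" "$2" "$3"; then
        echo "OK: $1 contains fileset $2/$3"
    else
        echo "Do not push: $1 is incomplete" >&2
        exit 1
    fi
fi
```

Run it from the parent of the extracted directory, for example with the arguments filebeat-7.11.2-linux-x86_64 okta system, before cf push.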
