When I try to start filebeat using sudo service filebeat start it does not throw any error. But when I do sudo service filebeat status I see the following error
● filebeat.service - filebeat
Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; vendor preset: enabled)
Active: inactive (dead) (Result: exit-code) since Fri 2017-04-14 09:16:22 EDT; 45min ago
Docs: https://www.elastic.co/guide/en/beats/filebeat/current/index.html
Process: 1313 ExecStart=/usr/bin/filebeat -c /etc/filebeat/filebeat.yml (code=exited, status=1/FAILURE)
Main PID: 1313 (code=exited, status=1/FAILURE)
Apr 14 09:16:21 ip-10-94-0-4 systemd[1]: filebeat.service: Unit entered failed state.
Apr 14 09:16:21 ip-10-94-0-4 systemd[1]: filebeat.service: Failed with result 'exit-code'.
Apr 14 09:16:22 ip-10-94-0-4 systemd[1]: filebeat.service: Service hold-off time over, scheduling restart.
Apr 14 09:16:22 ip-10-94-0-4 systemd[1]: Stopped filebeat.
Apr 14 09:16:22 ip-10-94-0-4 systemd[1]: filebeat.service: Start request repeated too quickly.
Apr 14 09:16:22 ip-10-94-0-4 systemd[1]: Failed to start filebeat.
I also checked the config yaml using the following command filebeat -configtest -c filebeat.yml I don't see any errors.
My filebeat.yml is as follows
filebeat:
prospectors:
path:
- /var/log/auth.log
- /var/log/syslog
- /var/log/tomcat8/catalina.out
input_type: log
document_type: syslog
registry_file: /var/lib/filebeat/registry
output:
logstash:
hosts:
- '10.10.0.226:5044'
bulk_max_size: 1024
tls:
certificate_authorities:
- /etc/pki/tls/certs/logstash-forwarder.crt
shipper: null
logging:
to_files: false
files:
path: /var/log/mybeat
name: mybeat
rotateeverybytes: 10485760
keepfiles: 3
level: info