Filebeat is not able to ship data after few scan cycles

Chaitra_Kurdekar · November 7, 2016, 1:27pm

Hi,
Issue 1) i have configured file beat (filebeat-5.0.0-rc1-linux-x86_64) with elasticsearch (without logstash). Its observed after few scan cycles it is not able to ship the data from log files to elasticsearch engine.

here is the command executed to run filebeat as bacjground process
./filebeat -c filebeat.full.yml -e"*"&

Issue 2) Is there any way to safely shutdown filebeat without killing process?
Issue 3) also, on restart of filebeat, it is reading contents from scrach instaed of reading from last line which was added in log file. timebeing i have set tail_files: true not sure is this going to solve the problem.

Please help. Note i have raised 3 question, pl respond by each issue wise.

here is the filebeat.full.yml contents:

filebeat.prospectors:
- input_type: log
  paths:
    - /opt/apache-tomcat-8.0.27/logs/brandster-request-response.log
  document_type: brandster
  json.message_key: timestamp
  json.keys_under_root: true
  json.overwrite_keys: true
  json.add_error_key: true
  tail_files: true
filebeat.idle_timeout: 60s
output.elasticsearch:
  hosts: ["10.122.65.43:9200","10.122.65.45:9200","10.122.65.46:9200","10.122.65.47:9200","10.122.65.48:9200"]
  index: "brandster-idx"
  template.enabled: true
  template.path: "/opt/filebeat-5.0.0-rc1-linux-x86_64/filebeat.template.json"
  template.overwrite: true
output.file:
  enabled: true
  path: "/opt/filebeat-5.0.0-rc1-linux-x86_64/temp"
output.console:
  enabled: true
  pretty: true
logging.to_files: true
logging.files:
  path: "/opt/filebeat-5.0.0-rc1-linux-x86_64/logs"

ruflin · November 7, 2016, 5:43pm

Can you share some log files here? There should be more data on why no further data is shipped.
You could be interested in https://www.elastic.co/guide/en/beats/filebeat/5.0/configuration-global-options.html#shutdown-timeout
I think something goes wrong with persisting the state to disk or sending your data. If data is not sent, state is also not persisted. I assume solving problem 1 will solve 3 automatically. No need for tail_files

Please use GA release instead of rc1.

Chaitra_Kurdekar · November 9, 2016, 6:26am

Thanks Ruflin.

Log file is less than 1 MB
2-3) Is there any way that filebeat will run forever and will not shutdown?
even if i specify shutdown_timeout as 24 hours what will happen? is it recommonded?
how we can recognise filebeat is running or has stopped? if we we filebeat as background process PID is still showing as active.
what is standard way to watch and restart filebeat?

where i can find out GA release? filebeat-5.0.0-linux-x86_64 is it GA release?
Thanks
Chaitra

ruflin · November 10, 2016, 8:59am

I meant if you could share the content of the log file. Best paste it into a gist and link it here.
shutdown_timeout only has an affect when you stop filebeat. Here are the docs: https://www.elastic.co/guide/en/beats/filebeat/5.0/configuration-global-options.html#shutdown-timeout

Here you can download the most recent releases: https://www.elastic.co/downloads/beats

About running filebeat: That depends on your environment and how you installed filebeat.

Topic		Replies	Views
Filebeat stops sending logs with no reason Beats	5	4973	October 11, 2017
Filebeat is not reading the log file in real time Beats filebeat	14	5945	February 16, 2021
Filebeat lost data when elasticsearch is down Beats filebeat	5	2623	July 6, 2018
Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch Beats filebeat	3	1822	August 14, 2022
Filebeat is not sending complete logs Beats filebeat	5	2015	June 29, 2016

Filebeat is not able to ship data after few scan cycles

Related topics