Filebeat is not writing logs when I try to start filebeat service

When I try to start the filebeat service it is throwing Error 1053 and I don't see logs that are written for this error. Can you please help

Which operating system are you using? Filebeat version? How exactly do you start up filebeat?

Hi Steffens,

Thank you for replying me. I use windows 2012 R2 64-bit OS and filebeat version is 6.5.4. I use services.msc to start filebeat service. Now I can start the service and its running successfully but could see nothing in logs. Now I'm stuck what actually happens when all components like elastic search, logstash, Kibana and filebeat services are running. I'm attaching my filebeat.yml and firstpipeline.conf file (which I created in logstash folder) from logstash

Filebeat.yml:

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log
  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
  - E:\log_archive\archive\USSBYPID1200301-18-2019--01-30-7-PM.zip\server.log
    #- c:\programdata\elasticsearch\logs\*
output.logstash:
  #The Logstash hosts
  hosts: ["localhost:5044"]

**Firstpipeline.conf from logstash config folder:**

# List of pipelines to be loaded by Logstash
#
# 

input {
    beats {
        port => "5044"
    }
}
# The filter part of this file is commented out to indicate that it is
# optional.
# filter {
#
# }
output {
    elasticsearch {
        hosts => [ "localhost:9200" ]
    }
}

I accessed http://localhost:5044 but I'm getting 'site can't be reached error' and I don't find any logs folder under logstash, i assume we have to create and point it in the above code under input but sure. If I hit http://localhost:9200, I'm getting a sample jason file with some matter which stated elastic search is working but not logs.

Please help me with it

I added these two lines also in my filebeat.yml file under enable:true which is like before paths

include_lines: ["ERROR"]
  *ignore-older: "24d" 

so now the lines which are enabled in that file are like this

filebeat.inputs:

- type: log
  
  enabled: true
  include_lines: ["ERROR"]
  *ignore-older: "24d" 
  
  paths:
   - 'E:\log_archive\archive\USSBYPID1200301-18-2019--01-30-7-PM.zip\*.log'
   
output.logstash:
   hosts: ["localhost:5044"]

Please properly format logs and config files using the </> button. YAML is sensitive to indentation and this forum uses markdown. It's difficult to spot config error without proper formatting.

I accessed http://localhost:5044 but I'm getting 'site can't be reached error' and I don't find any logs folder under logstash

The beats input does not use HTTP. It uses the lumberjack protocol, which sits on top of TCP. You can use telnet to check if the port is available from your filebeat host.

Why do you need Logstash, given your very minimal Logstash configuration?

Now I'm stuck what actually happens when all components like elastic search, logstash, Kibana and filebeat services are running.

Where exactly are you stuck? Can you share filebeat logs?

How to check if port is available from my filebeat host?

have you tried with telnet?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.