Filebeat monitoring

ashok9177 · May 30, 2018, 10:09am

Hello, below is my filebeat configuration, getting an error Exiting: more than one namespace configured accessing config

# filebeat

filebeat.prospectors:

type: log
paths:
- /opt/id/logs/*
  fields:
  component: idr
  multiline.pattern: '^[[:space:]]'
  multiline.negate: false
  multiline.match: after
  registry_file: /opt/beat/registry

fields_under_root: true

logging:
level: info
to_files: true
files:
path: /opt/id/logs
name: beat.log
rotateeverybytes: 10485760 # 10 MB
keepfiles: 2

xpack.monitoring:
enabled: true
elasticsearch:
hosts: ["http://10.2.34:9200"]
username: elastic
password: password

output.logstash:
hosts: ["elkhost"]
ssl.certificate_authorities:
- certs/ca.crt

harshbajaj16 · May 30, 2018, 11:35am

Hi @ashok9177,

i've checked your config file and found you have enabled both the o/p section i.e. elasticsearch and logstash but we can configure only one o/p section at a time.

please disable one o/p section and restart the service and let me know if you are still getting this error.

Regards,

ashok9177 · May 30, 2018, 11:38am

but i want monitor filebeat hosts and need to send logs to logstash to apply grok filter , in this case what can i do ?

i think we can not monitor filebeats with logstash right?

harshbajaj16 · May 30, 2018, 11:47am

Hi,

i didn't get you more please find below comments.
Query 1:

for this please enable only logstash o/p section and disable elasticsearch o/p means comments below line.

Query 2:

i'm not able to understand but if you are asking about config the logstash o/p then we can configure logstash o/p or please explain bit more so that i can understand and provide solution.

regards,

ashok9177 · May 30, 2018, 12:11pm

I should configure logstash output as well as monitoring filebeat nodes also how can I achieve this?

if I configure like below mentioned, getting error Exiting: No monitoring reporter configured

    xpack.monitoring:
      enabled: true
    output.logstash:
        hosts: ["elkhost"]
        ssl.certificate_authorities:
          - certs/ca.crt

harshbajaj16 · May 31, 2018, 4:55am

Hi @ashok9177,

The error "more than one namespace configured" is not there now which was mentioned earlier.

And below error is related to X-pack monitoring.

for this i've checked the documentation of filebeat where clearly mentioned >>"Add the xpack.monitoring settings in the Filebeat configuration file. If you configured Elasticsearch output and you want to use the same Elasticsearch production cluster and credentials"<<
It means we can configure X-pack monitoring in filebeat with elasticsearch only. Please find below links for your reference and let me know if you need any help from my side.

Please do let me know in case you have any query.

Regards,

ashok9177 · May 31, 2018, 5:09am

Hello Harsh , Thanks for your help I appreciate that. I followed the same procedure which is in elk document, and I am configuring logs output to Logstash and filebeat monitoring metrics to elasticsearch node, you can see that in the beginning post, but initially, I was getting an error Exiting: more than one namespace configured accessing config but i configured only one output

system · June 28, 2018, 5:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.