Filebeat monitoring

ashok9177 · May 30, 2018, 10:09am

Hello, below is my filebeat configuration, getting an error Exiting: more than one namespace configured accessing config

# filebeat

filebeat.prospectors:

type: log
paths:
- /opt/id/logs/*
  fields:
  component: idr
  multiline.pattern: '^[[:space:]]'
  multiline.negate: false
  multiline.match: after
  registry_file: /opt/beat/registry

fields_under_root: true

logging:
level: info
to_files: true
files:
path: /opt/id/logs
name: beat.log
rotateeverybytes: 10485760 # 10 MB
keepfiles: 2

xpack.monitoring:
enabled: true
elasticsearch:
hosts: ["http://10.2.34:9200"]
username: elastic
password: password

output.logstash:
hosts: ["elkhost"]
ssl.certificate_authorities:
- certs/ca.crt

harshbajaj16 · May 30, 2018, 11:35am

Hi @ashok9177,

i've checked your config file and found you have enabled both the o/p section i.e. elasticsearch and logstash but we can configure only one o/p section at a time.

please disable one o/p section and restart the service and let me know if you are still getting this error.

Regards,

ashok9177 · May 30, 2018, 11:38am

but i want monitor filebeat hosts and need to send logs to logstash to apply grok filter , in this case what can i do ?

i think we can not monitor filebeats with logstash right?

harshbajaj16 · May 30, 2018, 11:47am

Hi,

i didn't get you more please find below comments.
Query 1:

for this please enable only logstash o/p section and disable elasticsearch o/p means comments below line.

Query 2:

i'm not able to understand but if you are asking about config the logstash o/p then we can configure logstash o/p or please explain bit more so that i can understand and provide solution.

regards,

ashok9177 · May 30, 2018, 12:11pm

I should configure logstash output as well as monitoring filebeat nodes also how can I achieve this?

if I configure like below mentioned, getting error Exiting: No monitoring reporter configured

    xpack.monitoring:
      enabled: true
    output.logstash:
        hosts: ["elkhost"]
        ssl.certificate_authorities:
          - certs/ca.crt

harshbajaj16 · May 31, 2018, 4:55am

Hi @ashok9177,

The error "more than one namespace configured" is not there now which was mentioned earlier.

And below error is related to X-pack monitoring.

for this i've checked the documentation of filebeat where clearly mentioned >>"Add the xpack.monitoring settings in the Filebeat configuration file. If you configured Elasticsearch output and you want to use the same Elasticsearch production cluster and credentials"<<
It means we can configure X-pack monitoring in filebeat with elasticsearch only. Please find below links for your reference and let me know if you need any help from my side.
https://www.elastic.co/guide/en/beats/filebeat/current/monitoring.html#monitoring

Please do let me know in case you have any query.

Regards,

ashok9177 · May 31, 2018, 5:09am

Hello Harsh , Thanks for your help I appreciate that. I followed the same procedure which is in elk document, and I am configuring logs output to Logstash and filebeat monitoring metrics to elasticsearch node, you can see that in the beginning post, but initially, I was getting an error Exiting: more than one namespace configured accessing config but i configured only one output

system · June 28, 2018, 5:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.