Filebeat monitoring

Elastic Stack Beats
1

Hello, below is my filebeat configuration, getting an error Exiting: more than one namespace configured accessing config

# filebeat

filebeat.prospectors:

  • type: log
    paths:
    • /opt/id/logs/*
      fields:
      component: idr
      multiline.pattern: '^[[:space:]]'
      multiline.negate: false
      multiline.match: after
      registry_file: /opt/beat/registry

fields_under_root: true

logging:
level: info
to_files: true
files:
path: /opt/id/logs
name: beat.log
rotateeverybytes: 10485760 # 10 MB
keepfiles: 2

xpack.monitoring:
enabled: true
elasticsearch:
hosts: ["http://10.2.34:9200"]
username: elastic
password: password

output.logstash:
hosts: ["elkhost"]
ssl.certificate_authorities:
- certs/ca.crt

2

Hi @ashok9177,

i've checked your config file and found you have enabled both the o/p section i.e. elasticsearch and logstash but we can configure only one o/p section at a time.

please disable one o/p section and restart the service and let me know if you are still getting this error.

Regards,

3

but i want monitor filebeat hosts and need to send logs to logstash to apply grok filter , in this case what can i do ?

i think we can not monitor filebeats with logstash right?

4

Hi,

i didn't get you more please find below comments.
Query 1:

for this please enable only logstash o/p section and disable elasticsearch o/p means comments below line.

Query 2:

i'm not able to understand but if you are asking about config the logstash o/p then we can configure logstash o/p or please explain bit more so that i can understand and provide solution.

regards,

5

I should configure logstash output as well as monitoring filebeat nodes also how can I achieve this?

if I configure like below mentioned, getting error Exiting: No monitoring reporter configured

    xpack.monitoring:
      enabled: true
    output.logstash:
        hosts: ["elkhost"]
        ssl.certificate_authorities:
          - certs/ca.crt
6

Hi @ashok9177,

The error "more than one namespace configured" is not there now which was mentioned earlier.

And below error is related to X-pack monitoring.

for this i've checked the documentation of filebeat where clearly mentioned >>"Add the xpack.monitoring settings in the Filebeat configuration file. If you configured Elasticsearch output and you want to use the same Elasticsearch production cluster and credentials"<<
It means we can configure X-pack monitoring in filebeat with elasticsearch only. Please find below links for your reference and let me know if you need any help from my side.

Please do let me know in case you have any query.

Regards,

7

Hello Harsh , Thanks for your help I appreciate that. I followed the same procedure which is in elk document, and I am configuring logs output to Logstash and filebeat monitoring metrics to elasticsearch node, you can see that in the beginning post, but initially, I was getting an error Exiting: more than one namespace configured accessing config but i configured only one output

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.