Filebeat not working

Drupad_Soni · May 28, 2021, 10:10am

● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/lib/systemd/system/filebeat.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2021-05-28 10:06:58 UTC; 6s ago
Docs: Filebeat: Lightweight Log Analysis & Elasticsearch | Elastic
Process: 7631 ExecStart=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS (cod
Main PID: 7631 (code=exited, status=1/FAILURE)

May 28 10:06:58 testmispelk systemd[1]: filebeat.service: Service hold-off time over, scheduling restart.
May 28 10:06:58 testmispelk systemd[1]: filebeat.service: Scheduled restart job, restart counter is at 5.
May 28 10:06:58 testmispelk systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
May 28 10:06:58 testmispelk systemd[1]: filebeat.service: Start request repeated too quickly.
May 28 10:06:58 testmispelk systemd[1]: filebeat.service: Failed with result 'exit-code'.
May 28 10:06:58 testmispelk systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..

FALEN · May 28, 2021, 10:31am

Can you share filebeat.yml config, and add this to your config to see more info in logs

logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644

Drupad_Soni · May 29, 2021, 7:04pm

Yes ,

also

I am facing this error now in kibana

Drupad_Soni · May 29, 2021, 7:07pm

Now,

I have feeded misp module of filebeat now I am not looking at any feeds of misp in elk

I am not really sure where is the lag

mohamed_el_mannouti · May 29, 2021, 8:32pm

what's your outupt elasticsearch or logstash?

system · June 26, 2021, 8:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.