Filebeat not working

Filebeat not working

● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/lib/systemd/system/filebeat.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2021-05-28 10:06:58 UTC; 6s ago
Docs: Filebeat: Lightweight Log Analysis & Elasticsearch | Elastic
Process: 7631 ExecStart=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS (cod
Main PID: 7631 (code=exited, status=1/FAILURE)

May 28 10:06:58 testmispelk systemd[1]: filebeat.service: Service hold-off time over, scheduling restart.
May 28 10:06:58 testmispelk systemd[1]: filebeat.service: Scheduled restart job, restart counter is at 5.
May 28 10:06:58 testmispelk systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
May 28 10:06:58 testmispelk systemd[1]: filebeat.service: Start request repeated too quickly.
May 28 10:06:58 testmispelk systemd[1]: filebeat.service: Failed with result 'exit-code'.
May 28 10:06:58 testmispelk systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..

Can you share filebeat.yml config, and add this to your config to see more info in logs

logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0644

Yes ,

also

image1366×513 25.6 KB

Error: Unexpected token < in JSON at position 0
at search_interceptor_EnhancedSearchInterceptor.handleSearchError (http://20.42.94.65:5601/40865/bundles/plugin/data/kibana/data.plugin.js:1:392845)
at t.selector (http://20.42.94.65:5601/40865/bundles/plugin/dataEnhanced/8.0.0/dataEnhanced.plugin.js:2:25709)
at t.error (http://20.42.94.65:5601/40865/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:329:85314)
at t._error (http://20.42.94.65:5601/40865/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:21:58520)
at t.error (http://20.42.94.65:5601/40865/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:21:58214)
at t.error (http://20.42.94.65:5601/40865/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:283:167877)
at Object.error (http://20.42.94.65:5601/40865/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:329:117577)
at t.__tryOrUnsub (http://20.42.94.65:5601/40865/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:21:60242)
at t.error (http://20.42.94.65:5601/40865/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:21:59643)
at t._error (http://20.42.94.65:5601/40865/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:21:58520)

I am facing this error now in kibana

Now,

I have feeded misp module of filebeat now I am not looking at any feeds of misp in elk

image1053×41 4.62 KB

image1346×288 14.1 KB

I am not really sure where is the lag

what's your outupt elasticsearch or logstash?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.