I have been using Filebeat, without issue on our CentOS6 machines and have started to roll it out to our CentOS7 machines. I have installed via the following repository:
However, it only logs to /var/log/messages, does not use /var/log/filebeat and I do not believe is even looking at the right configuration file.
If I run the following (/usr/bin/filebeat -e -c /etc/filebeat/filebeat.yml) but if I start it on CentOS7 via the standard: systemctl start filebeat it fails to log to /var/log/filebeat and does not start properly at all.
You'll have to split those issues since they are different, logging/starting.
But I think you will be able to just continue with the "not starting at all" if you read the following about the logs not going where you want:
Fix the logging, or not and then give us more information about the "not starting" part by sharing things like your config, properly enclosed in triple backticks like ``` , and the output of the following (also properly enclosed):
sudo journalctl -u filebeat.service
sudo systemctl status filebeat
sudo systemctl start filebeat
If you changed anything else after you installed filebeat via yum, describe and share those changes too.
My apologizes, I did not realize the intended behaviour in systemd was to go to /var/log/messages and if that is default I would prefer to keep it that way. I should have looked for this instead of using an assumption.
Regarding my other issue I found several problems with the filebeat.yml (typing errors) and this issue can be closed out.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.