Ive created a filebeat daemonset for my k8 cluster using (roughly) these params: https://github.com/elastic/beats/blob/master/deploy/kubernetes/filebeat/filebeat-daemonset.yaml.
Of 5 cluster hosts 4 are working fine and Im getting data. On the 5th Im seeing this error message:
2018-10-16T13:53:55.243Z INFO instance/beat.go:544 Home path: [/usr/share/filebeat] Config path: [/usr/share/filebeat] Data path: [/usr/share/filebeat/data] Logs path: [/usr/share/filebeat/logs] 2018-10-16T13:53:55.244Z INFO instance/beat.go:315 filebeat stopped. 2018-10-16T13:53:55.244Z ERROR instance/beat.go:743 Exiting: Failed to create Beat meta file: open /usr/share/filebeat/data/meta.json.new: permission denied Exiting: Failed to create Beat meta file: open /usr/share/filebeat/data/meta.json.new: permission denied
The 5 hosts should be identical. (They were provisioned via puppet).
When I look for that path (/usr/share/filebeat/data) I don't see it on any of the 5 hosts. For some reason filebeat doesn't seem to complain on 4/5 though.