Filebeat on Windows - do not start

picoroma · November 9, 2018, 11:55am

I'm trying to configure filebeats on a windows server where is running Tomcat 8.5.
The goal is to send Tomcat log files to Elasticsearch or to Logstash.
I Have, for this installed and configured an ELK stack.
So, ES, Logstash and Kibana are installed on same LINUX server and Filebeats on Windows.

The filebeat.yml is quite simple:
Firts I have this

And then as output, I'm trying to use ES and KIBANA

When I try to start the filebeat from a command prompt of windows:

c:\Program\filebeat>filebeat.exe -c filebeat.yml -e
I have this kind of error:

2018-11-09T12:53:43.814+0100 INFO instance/beat.go:286 Setup Beat: filebeat; Version: 6.4.3
2018-11-09T12:53:43.815+0100 INFO elasticsearch/client.go:163 Elasticsearch url: http://172.30.6.64:9200
2018-11-09T12:53:43.817+0100 INFO pipeline/module.go:98 Beat name: EC2AMAZ-DV55646
2018-11-09T12:53:43.818+0100 INFO instance/beat.go:340 filebeat stopped.
2018-11-09T12:53:43.819+0100 ERROR instance/beat.go:764 Exiting: Error reading config file: required 'object', but found 'string' in field 'filebeat.inputs.1' (source:'filebeat.yml')
Exiting: Error reading config file: required 'object', but found 'string' in field 'filebeat.inputs.1' (source:'filebeat.yml')

Where I was wrong ?
THX
P.

kvch · November 9, 2018, 11:59am

Please do not paste screenshot of your configuration. Rhater copy it here and format the text using </>.

The indentation of document_type seems to be incorrect.

filebeat.inputs:
- type: log
  enabled: false
  paths:
    - C:\....
  document_type: apachelogs

picoroma · November 12, 2018, 3:59pm

I have this, now:

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log
  # Change to true to enable this input configuration.
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    #- /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*
    - 'D:\xampp\apache\logs\*.log'
    document_type: apachelogs

But still have error if run
./filebeats.exe setup -e

Exiting: error loading config file: yaml: line 28: did not find expected '-' indicator
Line 28 is the line with path.
I tried even without "-" at the beginning of line but I have another error (same line):
Exiting: error loading config file: yaml: line 28: did not find expected key

steffens · November 12, 2018, 9:06pm

YAML is sensitive to indentation. You have one - at one line and the next line you start a dictionary. You can not mix dictionary and lists in one namespace in yaml.

I think it must say:

- type: log
  # Change to true to enable this input configuration.
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    #- /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*
    - 'D:\xampp\apache\logs\*.log'
  document_type: apachelogs

The document_type must be on the same level as paths.

system · December 10, 2018, 9:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch Beats filebeat	0	288	April 4, 2024
Logstash and Filebeat on Windows Kibana	8	318	July 7, 2023
Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch Beats filebeat	2	745	May 1, 2024
I have installed File beat 7.17.3 version on a Windows server, it is not getting the logs to the ELK Server Elasticsearch	2	210	August 11, 2022
Can't start filebeat on windows-machine Beats filebeat	8	6861	July 5, 2017

Filebeat on Windows - do not start

Related topics