Filebeat on Windows - do not start

picoroma · November 9, 2018, 11:55am

I'm trying to configure filebeats on a windows server where is running Tomcat 8.5.
The goal is to send Tomcat log files to Elasticsearch or to Logstash.
I Have, for this installed and configured an ELK stack.
So, ES, Logstash and Kibana are installed on same LINUX server and Filebeats on Windows.

The filebeat.yml is quite simple:
Firts I have this

And then as output, I'm trying to use ES and KIBANA

When I try to start the filebeat from a command prompt of windows:

c:\Program\filebeat>filebeat.exe -c filebeat.yml -e
I have this kind of error:

2018-11-09T12:53:43.814+0100 INFO instance/beat.go:286 Setup Beat: filebeat; Version: 6.4.3
2018-11-09T12:53:43.815+0100 INFO elasticsearch/client.go:163 Elasticsearch url: http://172.30.6.64:9200
2018-11-09T12:53:43.817+0100 INFO pipeline/module.go:98 Beat name: EC2AMAZ-DV55646
2018-11-09T12:53:43.818+0100 INFO instance/beat.go:340 filebeat stopped.
2018-11-09T12:53:43.819+0100 ERROR instance/beat.go:764 Exiting: Error reading config file: required 'object', but found 'string' in field 'filebeat.inputs.1' (source:'filebeat.yml')
Exiting: Error reading config file: required 'object', but found 'string' in field 'filebeat.inputs.1' (source:'filebeat.yml')

Where I was wrong ?
THX
P.

kvch · November 9, 2018, 11:59am

Please do not paste screenshot of your configuration. Rhater copy it here and format the text using </>.

The indentation of document_type seems to be incorrect.

filebeat.inputs:
- type: log
  enabled: false
  paths:
    - C:\....
  document_type: apachelogs

picoroma · November 12, 2018, 3:59pm

I have this, now:

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log
  # Change to true to enable this input configuration.
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    #- /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*
    - 'D:\xampp\apache\logs\*.log'
    document_type: apachelogs

But still have error if run
./filebeats.exe setup -e

Exiting: error loading config file: yaml: line 28: did not find expected '-' indicator
Line 28 is the line with path.
I tried even without "-" at the beginning of line but I have another error (same line):
Exiting: error loading config file: yaml: line 28: did not find expected key

steffens · November 12, 2018, 9:06pm

YAML is sensitive to indentation. You have one - at one line and the next line you start a dictionary. You can not mix dictionary and lists in one namespace in yaml.

I think it must say:

- type: log
  # Change to true to enable this input configuration.
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    #- /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*
    - 'D:\xampp\apache\logs\*.log'
  document_type: apachelogs

The document_type must be on the same level as paths.

system · December 10, 2018, 9:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.