Filebeat service could not start

Elastic Stack Beats
1

Hi,

Am using filebeat to read log files and stash it in elasticsearch.

But am not able to start the service of filebeat. As am new to ELK, I followed the instructions given in the guide and it says the below command to be executed in cmd(PowerShell i have).

Start-Service filebeat

and the error I get is this.

Start-Service : Service 'filebeat (filebeat)' cannot be started due to the following error: Cannot open filebeat
service on computer '.'.
At line:1 char:1

  • Start-Service filebeat
  •   + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service],
 ServiceCommandException
  + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand

Can anyone give a solution for this? How can I start the filebeat? Is there any other way to do this?
Am using Windows Server 2012 R2

2

Can you try starting filebeat in foreground first? Go to where you have downloaded and extracted the zip and run:

filebeat.exe -e

Let us know if it prints any errors.

1 Like
3

This is what it prints...

2016/11/15 10:16:56.447810 beat.go:264: INFO Home path: [C:\Users\547213\elk\ELK 5\filebeat\filebeat-5.0.0-windows-x86_6
4] Config path: [C:\Users\547213\elk\ELK 5\filebeat\filebeat-5.0.0-windows-x86_64] Data path: [C:\Users\547213\elk\ELK 5
\filebeat\filebeat-5.0.0-windows-x86_64\data] Logs path: [C:\Users\547213\elk\ELK 5\filebeat\filebeat-5.0.0-windows-x86_
64\logs]
2016/11/15 10:16:56.447810 beat.go:174: INFO Setup Beat: filebeat; Version: 5.0.0
2016/11/15 10:16:56.447810 logp.go:219: INFO Metrics logging every 30s
2016/11/15 10:16:56.448809 output.go:167: INFO Loading template enabled. Reading template file: C:\Users\547213\elk\ELK
5\filebeat\filebeat-5.0.0-windows-x86_64\filebeat.template.json
2016/11/15 10:16:56.448809 output.go:178: INFO Loading template enabled for Elasticsearch 2.x. Reading template file: C:
\Users\547213\elk\ELK 5\filebeat\filebeat-5.0.0-windows-x86_64\filebeat.template-es2x.json
2016/11/15 10:16:56.449813 client.go:107: INFO Elasticsearch url: http://localhost:9200
2016/11/15 10:16:56.449813 outputs.go:106: INFO Activated elasticsearch as output plugin.
2016/11/15 10:16:56.450813 publish.go:291: INFO Publisher name: CTSC00414112601
2016/11/15 10:16:56.454819 async.go:63: INFO Flush Interval set to: 1s
2016/11/15 10:16:56.454819 async.go:64: INFO Max Bulk Size set to: 50
2016/11/15 10:16:56.455821 beat.go:204: INFO filebeat start running.
2016/11/15 10:16:56.455821 registrar.go:66: INFO Registry file set to: C:\Users\547213\elk\ELK 5\filebeat\filebeat-5.0.0
-windows-x86_64\data\registry
2016/11/15 10:16:56.458821 registrar.go:99: INFO Loading registrar data from C:\Users\547213\elk\ELK 5\filebeat\filebeat
-5.0.0-windows-x86_64\data\registry
2016/11/15 10:16:56.458821 registrar.go:122: INFO States Loaded from registrar: 0
2016/11/15 10:16:56.458821 registrar.go:211: INFO Starting Registrar
2016/11/15 10:16:56.458821 crawler.go:34: INFO Loading Prospectors: 1
2016/11/15 10:16:56.458821 spooler.go:64: INFO Starting spooler: spool_size: 2048; idle_timeout: 5s
2016/11/15 10:16:56.458821 sync.go:41: INFO Start sending events to output
2016/11/15 10:16:56.459819 prospector_log.go:40: INFO Load previous states from registry into memory
2016/11/15 10:16:56.459819 prospector_log.go:67: INFO Previous states loaded: 0
2016/11/15 10:16:56.460816 crawler.go:46: INFO Loading Prospectors completed. Number of prospectors: 1
2016/11/15 10:16:56.461816 crawler.go:61: INFO All prospectors are initialised and running with 0 states to persist
2016/11/15 10:16:56.461816 prospector.go:106: INFO Starting prospector of type: log
2016/11/15 10:17:26.450247 logp.go:232: INFO No non-zero metrics in the last 30s
4

Ok, so it works fine in foreground. Can you try re-running the install_filebeat.bat script from the C:\Users\547213\elk\ELK 5\filebeat\filebeat-5.0.0-windows-x86_64 folder?

Also have a look at that script, since it's pretty simple, and make sure that the paths it uses make sense in your case.

5

Thank you Tudor for the instructions.

But I don't have a bat file named install_filebeat..bat to run.

I only have install-service-filebeat.ps1

6

Filebeat can only be started as a Service? is there any other way around to run the filebeat with config file?

7

That's what I meant, the ps1 script.

You don't have to run it as a service if you don't want, but I guess you will want a way to keep it always running, right?

8

Can you check that the service exists? PS> Get-Service will list all services. Is there a filebeat entry in the list? If not then run the .\install-service-filebeat.ps1 script to install it.

9

Thank you Andrew and Tudor

I used the .\install-service-filebeat.ps1 file to install filebeat and also found that the filebeat service running. I used admin credents to start the service and now it is running.

But this is really hard to find out whether my file is being picked by filebeat. I have no choice of finding it out in any way. Even in logs I could not find any useful information. There are very less documents in filebeat that can clear all the difficulties faced by users.

  1. How will I know whether my logs are getting picked and moved to the output(either elastic or logstash)?
  2. Is there any other document which can give a step by step info about running filebeat other than the user guide released with the product?
10

Can you guys tell what does the below line means?

logp.go:232: INFO No non-zero metrics in the last 30s

11

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.