Filebeat unresponsive after executing with .yml config file


(Rizal Amir) #1

Hi There,

Quite new to beats here, previously success shippping logs using logstash to parsing and ship to Redis & ELK.

I would like some advise on Packetbeat. I tried both rpm and tar package on my Centos 6 but it seems nothing happens. The filebeat process seems unresponsive after executing it with my .yml configuration file. Also there is no logs to check the process running. Is there something wrong on my configuation shown below:

filebeat:

prospectors:
paths:
     - /opt/apps/apps_dump/apps_access.log-20151123
     - input_type: log
     - tail_files: true
     - registry_file: /var/lib/filebeat/registry

output:
     logstash:
          enable: true
          hosts: ["192.168.28.202:5044"]
          worker:
          loadbalance: true
          index: mybeat

logging:
to_files: true
level: debug
files:
     path: /var/log/mybeat
     name: mybeat.log
     rotateeverybytes: 10485760
     keepfiles: 7

Can anybody also advise what is the best configuration on logstash side, mine as shown below, since there is no space to put filter on filebeat configuration, does this means we have to do filter configuration at logstash side, instead of the shiper.

input {
  beats {
    port => "5044"

   }
}

output {
    elasticsearch {
    hosts => ["localhost:9200"] }
    stdout { codec => json }
}

Thanks in advance.


(ruflin) #2

Sorry for the late reply. You wrote in bold Packetbeat, but are talking about Filebeat afterwards? I assume you mean filebeat? Can you download the version 1.0.0 and in case you still have the issue, start it with the option -d "*" -e and post the output here?


(system) #3