Hi
Need a wall to play against here TIA
What am I missing out on, I wonder, when trying to launch filebeat.service. I'm see these errors:
==> /var/log/filebeat/filebeat-20230312.ndjson <==
{"log.level":"error","@timestamp":"2023-03-12T17:55:23.444+0100","log.origin":{"file.name":"instance/beat.go","file.line":1071},"message":"Exiting: error initializing publisher: missing field accessing 'output.elasticsearch.protocol' (source:'/etc/filebeat/filebeat.yml')","service.name":"filebeat","ecs.version":"1.6.0"}
[root@exrhel0311 filebeat]$ tail /var/log/filebeat/filebeat-20230312*
==> /var/log/filebeat/filebeat-20230312-1.ndjson <==
{"log.level":"error","@timestamp":"2023-03-12T17:55:23.814+0100","log.origin":{"file.name":"instance/beat.go","file.line":1071},"message":"Exiting: error initializing publisher: missing field accessing 'output.elasticsearch.protocol' (source:'/etc/filebeat/filebeat.yml')","service.name":"filebeat","ecs.version":"1.6.0"}
==> /var/log/filebeat/filebeat-20230312-2.ndjson <==
{"log.level":"error","@timestamp":"2023-03-12T17:55:24.064+0100","log.origin":{"file.name":"instance/beat.go","file.line":1071},"message":"Exiting: error initializing publisher: missing field accessing 'output.elasticsearch.protocol' (source:'/etc/filebeat/filebeat.yml')","service.name":"filebeat","ecs.version":"1.6.0"}
==> /var/log/filebeat/filebeat-20230312-3.ndjson <==
{"log.level":"error","@timestamp":"2023-03-12T17:55:24.321+0100","log.origin":{"file.name":"instance/beat.go","file.line":1071},"message":"Exiting: error initializing publisher: missing field accessing 'output.elasticsearch.protocol' (source:'/etc/filebeat/filebeat.yml')","service.name":"filebeat","ecs.version":"1.6.0"}
==> /var/log/filebeat/filebeat-20230312-4.ndjson <==
{"log.level":"error","@timestamp":"2023-03-12T17:55:24.567+0100","log.origin":{"file.name":"instance/beat.go","file.line":1071},"message":"Exiting: error initializing publisher: missing field accessing 'output.elasticsearch.protocol' (source:'/etc/filebeat/filebeat.yml')","service.name":"filebeat","ecs.version":"1.6.0"}
==> /var/log/filebeat/filebeat-20230312-5.ndjson <==
{"log.level":"warn","@timestamp":"2023-03-12T17:57:11.526+0100","log.logger":"cfgwarn","log.origin":{"file.name":"tlscommon/config.go","file.line":102},"message":"DEPRECATED: Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version: 8.0.0","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-03-12T17:57:11.526+0100","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-03-12T17:57:11.528+0100","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-03-12T17:57:11.537+0100","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"filebeat","ecs.version":"1.6.0"}
==> /var/log/filebeat/filebeat-20230312-6.ndjson <==
{"log.level":"warn","@timestamp":"2023-03-12T17:58:15.342+0100","log.logger":"cfgwarn","log.origin":{"file.name":"tlscommon/config.go","file.line":102},"message":"DEPRECATED: Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version: 8.0.0","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-03-12T17:58:15.342+0100","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"filebeat","ecs.version":"1.6.0"}
wondering as testing seems to be just fine:
[root@exrhel0311 filebeat]$ filebeat test output
elasticsearch: https://<redacted>:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.83.67.157
dial up... OK
TLS...
security... WARN server's certificate chain verification is disabled
handshake... OK
TLS version: TLSv1.2
dial up... OK
talk to server... OK
version: 8.6.1
[root@exrhel0311 filebeat]$ filebeat test config
Config OK