How does -E flag works

Sebastian_Treu · April 25, 2019, 7:07pm

Hi, I'm trying to overwrite the output of filebeat.

Motivation is based on my idea of avoid at all cost mounting specific files into docker container, so I though of:

~$ docker run --user root  -it -v "/var/lib/docker/containers:/var/lib/docker/containers:ro" -v "/var/run/docker.sock:/var/run/docker.sock:ro"  docker.elas
tic.co/beats/filebeat:7.0.0 -e -strict.perms=false --E output.console.pretty=true
Exiting: error unpacking config data: more than one namespace configured accessing 'output' (source:'filebeat.yml')

But it complains just like if it the overwrite was not done. This is what documentation says:

Flags:
-E, --E setting=value Configuration overwrite

What am I doing wrong?

steffens · April 26, 2019, 12:56pm

By using -E output.console.pretty=true you have 2 outputs configured. The default output is elasticsearch. Try:

... -E output.elasticsearch.enabled=false -E output.console.pretty=true

one can actually pass object to -E:

... -E 'output={elasticsearch.enabled: false, console.pretty: true}'

Sebastian_Treu · April 26, 2019, 5:23pm

@steffens thanks, that worked.

It's pretty anti intuitive that if filebeat won't manage 2 outputs, the command flag adds another option instead of overwriting it. Maybe that should be a feature request to change that behaviour.

Topic		Replies	Views
Overriding output from command line Beats	4	443	May 31, 2019
Override module configuration on start Beats metricbeat	4	894	July 5, 2017
Just cannot have filebeat ouput right! Beats filebeat	2	1350	October 15, 2018
Beats (Metricbeat) unable to change settings via commandline Beats	7	1019	January 10, 2017
More than one namespace configured accessing 'output' Beats filebeat	2	17686	September 27, 2018

How does -E flag works

Related topics