So I am trying to have my application log into logstash --> elasticsearch as well as straight to elasticsearch. problem is, i do not have root access. This wasn't an issue with logshipper as i could run logstash instance as my own user and have it ship to redis and go from there.
Now, i am trying to stay with the times and upgrade to beats, but it appears root is necessary to install. is this true, or am i missing something?
You need to be root to install any RPM on RHEL. Instead of using an RPM, you can use the tar.gz distribution for Linux. It's available on the Downloads page. You can run filebeat as any user. There's nothing inherent in Filebeat that requires root, but typically all of the files that you want to read are owned by root.
Because you are not using the RPM which provides scripts for integrating Filebeat with the OS service manager, you or your application will need to take care of starting Filebeat.
Thank you for this information. The page was a bit misleading as it states for step 3:
Start the daemon by running sudo ./filebeat -e -c filebeat.yml
I am assuming that is just there easy way out to prevent read errors on unprivileged files.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.