How to start Filebeat?

bobbysidhartha · March 27, 2017, 12:43pm

Hi,
I am a new comer to Beats and Im trying to learn it starting with Filebeats. I understood that filebeats.yml is the file where you define your input and output file. In my Linux system, I gave them as below.

- input_type: log
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/*.log
    - /home/cloudera/Desktop/inpB

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]
  paths:
    - /home/cloudera/Desktop/outB

Im trying to run the filebeats using the command: ./filebeat -e -c packetbeat.yml
but it says: bash: ./packetbeat: No such file or directory

Is there anything else we need to add to the files.
Can some one tell me if Im giving the input and output files at the right places and using the right command to execute it ?

andrewkroh · March 27, 2017, 1:26pm

This information is covered in the getting started guide.

The second paths that you defined under the elasticsearch output should be removed. If you are trying to output to a file then see the file output.

prodrg · March 27, 2017, 3:02pm

By the way, why are you using packetbeat.yml for Filebeat? Maybe the command you need must be:

./filebeat -e -c filebeat.yml

And just in case, try to use the absolute path for the settings file.

system · April 24, 2017, 3:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.