Keystore Not Finding auditbeat.yml and Non-Zero Issue

I am basically just getting beats going so I apologize for what may be stupid questions but....
I have just installed auditbeat on a number of servers and all appears to be functioning - meaning systemctl says its running and kibana appears to be getting data from the servers. However, two items I am confused about:

  1. I try to create a keystore and it says it cant find the auditbeat.yml. I give it the path and it works. I never had to do that before. My concern is how will the yml preload the keystore variables when the service starts if I have to currently give it a -c param?

[root@serv1]# /usr/share/auditbeat/bin/auditbeat keystore create
error initializing beat: error loading config file: stat auditbeat.yml: no such file or directory

but this works:
[root@serv1]# /usr/share/auditbeat/bin/auditbeat keystore create -c /etc/auditbeat/auditbeat.yml

  1. Even though I see the data in kibana, systemctl reports:
    Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":...

Is Non-zero an error indication?

Thank you.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.