Hello
Metricbeat does not stop sending logs to syslog.
Even after parameter in metricbeat.yml: logging.to_syslog: false
This happens if you run metricbeat (ubuntu 16.04): service metricbeat start
It helps only run with command: /usr/share/metricbeat/bin/metricbeat -c /etc/metricbeat/metricbeat.yml -path.logs /var/log/metricbeat
I also noticed that when running through systemd, command has option "-e": /usr/share/metricbeat/bin/metricbeat -e -c /etc/metricbeat/metricbeat.yml ...
There may be a problem due to this "-e" option. But I did not find where it comes from. There is no such parameter in the /etc/init.d/metricbeat file
When Metricbeat is running on a Linux system with systemd, it uses by default the -e command line option, that makes it write all the logging output to stderr so it can be captured by journald. Other outputs are disabled. See Metricbeat and systemd to know more and learn how to change this.
It is very strange that by default metricbeat writes its log to syslog. In metricbeat, by default, logging.level: info is enabled, so your syslog file will instantly overflow and it will be difficult to find something useful.
To elastic members:
Perhaps it is not necessary by default to include output in syslog? Or at least lower logging level?
Journald is a good tool, but only when there is no unnecessary information.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.