Not able to start filebeat instance in windows

jayaram · February 24, 2016, 3:08pm

Hello,

I am working in Windows with Filebeat --> Logstash --> Elasticsearch --> kibana
I am seeing below error while start Filebeat : filebeat.exe -c filebeat.yml -d *

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x8 pc=0x526e0a]

goroutine 16 [running]:
github.com/elastic/beats/filebeat/harvester.(*Harvester).Harvest.func1(0x12b48400)
        /go/src/github.com/elastic/beats/filebeat/harvester/log.go:91 +0x2a
github.com/elastic/beats/filebeat/harvester.(*Harvester).Harvest(0x12b48400)
        /go/src/github.com/elastic/beats/filebeat/harvester/log.go:110 +0x2b8
created by github.com/elastic/beats/filebeat/harvester.(*Harvester).Start
        /go/src/github.com/elastic/beats/filebeat/harvester/harvester.go:80 +0x32

Configurations: filebeat.yml

filebeat:
  prospectors:
    -
    paths:
      - D:\basefarm\logs\myserver.log
      encoding: utf-8
      input_type: log
      document_type: testApp      
      multiline:
        pattern: ^%{TIMESTAMP_ISO8601}
        negate: true
        match: after
        max_lines: 500
        timeout: 5s
      tail_files: false
     registry_file: "C:/ProgramData/filebeat/registry"
output:
   logstash:
     hosts: ["localhost:5044"]
     worker: 2
    index: filebeat
shipper:
logging:
  to_files: true
  files:
    path: D:/elk/beats/filebeat-1.1.0/log
    name: filebeat.log
   selectors: ["*"]
  level: debug

Logstash config file

input{
    beats{
        port => 5044
    }
}
output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => true
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

I am able to push topbeat data with same configuration but filebeat have issue to run.... Please help me, I want push the log data from different machines to logstash through filebeat

tudor · February 24, 2016, 3:47pm

Maybe it's just a copy & paste to Discuss issue, but there seem to be some problems with the config file. The most important is that you need a dash before paths, something like:

filebeat:
  prospectors:
    - paths:
      -  D:\basefarm\logs\myserver.log
      encoding: utf-8
...

Make sure you also get the indentation right. encoding, multiline, etc. need to be at the same level as paths.

jayaram · February 24, 2016, 3:57pm

Hi , if the dash is not available it gives error
Loading config file error: YAML config parsing failed on filebeat.yml: yaml: line 22: did not find expected '-' indicator. Exiting.

in my file i have the dash above the paths: statement line

tudor · February 24, 2016, 3:59pm

Ok, so it was just a copy & paste issue. Can you paste again, making sure the identation shows up exactly the same as in your config? Or maybe just upload your config in a pastebin somewhere, to make sure.

jayaram · February 24, 2016, 4:53pm

Please find the attachment file location click here

tudor · February 24, 2016, 5:05pm

I'm not sure the stdin input works on Windows. Can you try disabling that just to make sure it's not the culprit?

jayaram · February 25, 2016, 6:05am

Thank you Tudor,
I have modified the file, there is no configuration error now but am not able to see data pushing from file beat to logstash and the elasticsearch. Please check the in the link File beat Configuration file

In logstash, I was pushed data properly, means single line log statement and multi-line log statement. as well remove the empty line statements ...with same configuration i want to achieve with Filebeat.. please find the file and suggest me logstash configuration file