Not able to start filebeat

rajesh-321 · February 22, 2019, 2:50pm

Hi Team

I am not able to start the filebeat service. below is the error I am getting

[root@inmbz1196 config]# service filebeat status
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Fri 2019-02-22 09:33:46 EST; 782ms ago
Docs: https://www.elastic.co/products/beats/filebeat
Process: 1972 ExecStart=/usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat (code=exited, status=1/FAILURE)
Main PID: 1972 (code=exited, status=1/FAILURE)

Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: filebeat.service: main process exited, code=exited, status=1/FAILURE
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: Unit filebeat.service entered failed state.
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: filebeat.service failed.
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: filebeat.service holdoff time over, scheduling restart.
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: start request repeated too quickly for filebeat.service
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: Unit filebeat.service entered failed state.
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: filebeat.service failed.
[root@inmbz1196 config]#

hence I am trying to get logs from localhost, please find the log stash configuration below

input {
tcp {
port => 5000
type => syslog
}
udp {
port => 5000
type => syslog
}
}

filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }

Please suggest I am totally new to ELK

Christian_Dahlqvist · February 22, 2019, 2:54pm

Which version are you using? Which operating system?

rajesh-321 · February 22, 2019, 5:04pm

{
"name" : "EgQBZmC",
"cluster_name" : "my-application",
"cluster_uuid" : "UtlmNtFCQjWmfG6zqi8CGg",
"version" : {
"number" : "6.6.0",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "a9861f4",
"build_date" : "2019-01-24T11:27:09.439740Z",
"build_snapshot" : false,
"lucene_version" : "7.6.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"

Linux Operating systems

Christian_Dahlqvist · February 22, 2019, 5:14pm

Exactly which Linux type and version?

rajesh-321 · February 22, 2019, 6:39pm

Hi

Red Hat Enterprise Linux Server release 7.6 (Maipo)

Christian_Dahlqvist · February 22, 2019, 6:40pm

Is there anything in the Filebeat logs?

rajesh-321 · February 26, 2019, 9:09am

I have seen below error in log stash logs

cified
[2019-02-22T09:32:04,491][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.6.0"}
[2019-02-22T09:32:06,654][INFO ][logstash.config.source.local.configpathloader] No config files found in path {:path=>"/tmp/logstash/logstash-6.6.0/logstash.conf"}

rajesh-321 · February 26, 2019, 9:10am

filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; disabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Fri 2019-02-22 09:33:46 EST; 3 days ago
Docs: https://www.elastic.co/products/beats/filebeat
Main PID: 1972 (code=exited, status=1/FAILURE)

Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: filebeat.service: main process exited, code=exited, status=1/FAILURE
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: Unit filebeat.service entered failed state.
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: filebeat.service failed.
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: filebeat.service holdoff time over, scheduling restart.
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: start request repeated too quickly for filebeat.service
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: Unit filebeat.service entered failed state.
Feb 22 09:33:46 inmbz1196.in.dst.ibm.com systemd[1]: filebeat.service failed.

system · March 26, 2019, 11:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.