Not receiving correct info about services: "The system cannot find the file specified"

I found this topic from december last year, but it was closed without answer (auto). I have a similar issue: I recently started using the ELK-Stack and now I want to use metricbeat/windows/service to get "heartbeats" from windows services. With all modules disabled metricbeat runs, of course delivers nothing special, when I enable "system" it works fine. I then disable "system" and enable "windows". I run metricbeat from the cmd-line, in it it logs (among others): ... "metricbeat":{"windows":{"service":{"events":1,"failures":1}} ... and when I look under "discover" in kibana it comes in there with "error.message: The system cannot find the file specified". I am using windows.yml :

• module: windows
  metricsets:
  • service
    period: 30s
    What file is being looked for? Is there a bug ? This beat-part is beta ...

Could you share the metricbeat log file? Which version of Metricbeat are you using? Could you share your full config?

Here is the metricbeat logfile:

2019-01-17T09:31:39.611+0100	INFO	instance/beat.go:592	Home path: [D:\APPL\ELK-Stack\metricbeat] Config path: [D:\APPL\ELK-Stack\metricbeat] Data path: [D:\APPL\ELK-Stack\metricbeat\metricbeat] Logs path: [D:\APPL\ELK-Stack\metricbeat\logs]
2019-01-17T09:31:39.617+0100	INFO	instance/beat.go:599	Beat UUID: e746496a-1e19-4454-85d3-e12a1af0ea60
2019-01-17T09:31:39.617+0100	INFO	[beat]	instance/beat.go:825	Beat info	{"system_info": {"beat": {"path": {"config": "D:\\APPL\\ELK-Stack\\metricbeat", "data": "D:\\APPL\\ELK-Stack\\metricbeat\\metricbeat", "home": "D:\\APPL\\ELK-Stack\\metricbeat", "logs": "D:\\APPL\\ELK-Stack\\metricbeat\\logs"}, "type": "metricbeat", "uuid": "e746496a-1e19-4454-85d3-e12a1af0ea60"}}}
2019-01-17T09:31:39.617+0100	INFO	[beat]	instance/beat.go:834	Build info	{"system_info": {"build": {"commit": "6da316ebb3ba6ed57725b7fd7c21e598522855bf", "libbeat": "6.5.3", "time": "2018-12-06T19:03:14.000Z", "version": "6.5.3"}}}
2019-01-17T09:31:39.617+0100	INFO	[beat]	instance/beat.go:837	Go runtime info	{"system_info": {"go": {"os":"windows","arch":"amd64","max_procs":8,"version":"go1.10.3"}}}
2019-01-17T09:31:39.623+0100	INFO	[beat]	instance/beat.go:841	Host info	{"system_info": {"host": {"architecture":"x86_64","boot_time":"2019-01-13T09:41:47.77+01:00","name":"xxxxxxx-xxxxx","ip":["10.48.197.97/21","::1/128","127.0.0.1/8"],"kernel_version":"6.3.9600.19202 (winblue_ltsb.181110-0600)","mac":["00:50:56:85:35:d3"],"os":{"family":"windows","platform":"windows","name":"Windows Server 2012 R2 Standard","version":"6.3","major":3,"minor":0,"patch":0,"build":"9600.19206"},"timezone":"CET","timezone_offset_sec":3600,"id":"d58d7f5b-3376-4e54-bae9-7a799d8d9c71"}}}
2019-01-17T09:31:39.625+0100	INFO	[beat]	instance/beat.go:870	Process info	{"system_info": {"process": {"cwd": "C:\\WINDOWS\\system32", "exe": "D:\\APPL\\ELK-Stack\\metricbeat\\metricbeat.exe", "name": "metricbeat.exe", "pid": 8496, "ppid": 592, "start_time": "2019-01-17T09:31:38.431+0100"}}}
2019-01-17T09:31:39.625+0100	INFO	instance/beat.go:278	Setup Beat: metricbeat; Version: 6.5.3
2019-01-17T09:31:42.633+0100	INFO	add_cloud_metadata/add_cloud_metadata.go:319	add_cloud_metadata: hosting provider type not detected.
2019-01-17T09:31:42.633+0100	INFO	elasticsearch/client.go:163	Elasticsearch url: http://localhost:9200
2019-01-17T09:31:42.633+0100	INFO	[publisher]	pipeline/module.go:110	Beat name: xxxxxxx-xxxxx [anonymized data /Martin]
2019-01-17T09:31:42.633+0100	INFO	instance/beat.go:400	metricbeat start running.
2019-01-17T09:31:42.633+0100	INFO	[monitoring]	log/log.go:117	Starting metrics logging every 30s
2019-01-17T09:31:42.636+0100	INFO	helper/privileges_windows.go:79	Metricbeat process and system info: {"OSVersion":{"Major":6,"Minor":2,"Build":9200},"Arch":"amd64","NumCPU":8,"User":{"SID":"S-1-5-18","Account":"SYSTEM","Domain":"NT AUTHORITY","Type":1},"ProcessPrivs":{"SeAssignPrimaryTokenPrivilege":{"enabled":false},"SeAuditPrivilege":{"enabled_by_default":true,"enabled":true},"SeBackupPrivilege":{"enabled":false},"SeChangeNotifyPrivilege":{"enabled_by_default":true,"enabled":true},"SeCreateGlobalPrivilege":{"enabled_by_default":true,"enabled":true},"SeCreatePagefilePrivilege":{"enabled_by_default":true,"enabled":true},"SeCreatePermanentPrivilege":{"enabled_by_default":true,"enabled":true},"SeCreateSymbolicLinkPrivilege":{"enabled_by_default":true,"enabled":true},"SeDebugPrivilege":{"enabled_by_default":true,"enabled":true},"SeImpersonatePrivilege":{"enabled_by_default":true,"enabled":true},"SeIncreaseBasePriorityPrivilege":{"enabled_by_default":true,"enabled":true},"SeIncreaseQuotaPrivilege":{"enabled":false},"SeIncreaseWorkingSetPrivilege":{"enabled_by_default":true,"enabled":true},"SeLoadDriverPrivilege":{"enabled":false},"SeLockMemoryPrivilege":{"enabled_by_default":true,"enabled":true},"SeManageVolumePrivilege":{"enabled":false},"SeProfileSingleProcessPrivilege":{"enabled_by_default":true,"enabled":true},"SeRestorePrivilege":{"enabled":false},"SeSecurityPrivilege":{"enabled":false},"SeShutdownPrivilege":{"enabled":false},"SeSystemEnvironmentPrivilege":{"enabled":false},"SeSystemProfilePrivilege":{"enabled_by_default":true,"enabled":true},"SeSystemtimePrivilege":{"enabled":false},"SeTakeOwnershipPrivilege":{"enabled":false},"SeTcbPrivilege":{"enabled_by_default":true,"enabled":true},"SeTimeZonePrivilege":{"enabled_by_default":true,"enabled":true},"SeUndockPrivilege":{"enabled":false}}}
2019-01-17T09:31:42.636+0100	INFO	helper/privileges_windows.go:87	SeDebugPrivilege is enabled. SeDebugPrivilege=(Default, Enabled)
2019-01-17T09:31:42.636+0100	WARN	[cfgwarn]	service/service.go:49	BETA: The windows service metricset is beta
2019-01-17T09:31:42.636+0100	INFO	cfgfile/reload.go:150	Config reloader started
2019-01-17T09:31:42.638+0100	WARN	[cfgwarn]	service/service.go:49	BETA: The windows service metricset is beta
2019-01-17T09:31:42.638+0100	INFO	cfgfile/reload.go:205	Loading of config files completed.
2019-01-17T09:31:43.700+0100	INFO	pipeline/output.go:95	Connecting to backoff(elasticsearch(http://localhost:9200))
2019-01-17T09:31:43.705+0100	INFO	elasticsearch/client.go:713	Connected to Elasticsearch version 6.5.3
2019-01-17T09:31:43.706+0100	INFO	template/load.go:129	Template already exists and will not be overwritten.
2019-01-17T09:31:43.709+0100	INFO	pipeline/output.go:105	Connection to backoff(elasticsearch(http://localhost:9200)) established
2019-01-17T09:32:12.829+0100	INFO	[monitoring]	log/log.go:144	Non-zero metrics in the last 30s	{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":171,"time":{"ms":171}},"total":{"ticks":514,"time":{"ms":514},"value":514},"user":{"ticks":343,"time":{"ms":343}}},"handles":{"open":242},"info":{"ephemeral_id":"2fc1898e-ac16-484e-9311-32bde843d384","uptime":{"ms":33866}},"memstats":{"gc_next":5217984,"memory_alloc":3606568,"memory_total":9705976,"rss":28254208}},"libbeat":{"config":{"module":{"running":0},"reloads":1},"output":{"events":{"acked":1,"batches":1,"total":1},"read":{"bytes":833},"type":"elasticsearch","write":{"bytes":936}},"pipeline":{"clients":2,"events":{"active":1,"published":2,"retry":1,"total":2},"queue":{"acked":1}}},"metricbeat":{"windows":{"service":{"events":2,"failures":2}}},"system":{"cpu":{"cores":8}}}}}
2019-01-17T09:32:42.643+0100	INFO	[monitoring]	log/log.go:144	Non-zero metrics in the last 30s	{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":187,"time":{"ms":16}},"total":{"ticks":546,"time":{"ms":32},"value":546},"user":{"ticks":359,"time":{"ms":16}}},"handles":{"open":243},"info":{"ephemeral_id":"2fc1898e-ac16-484e-9311-32bde843d384","uptime":{"ms":63862}},"memstats":{"gc_next":5217984,"memory_alloc":4095784,"memory_total":10195192,"rss":1753088}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":1,"batches":1,"total":1},"read":{"bytes":330},"write":{"bytes":690}},"pipeline":{"clients":2,"events":{"active":0},"queue":{"acked":1}}}}}}

Version is 6.5.3

Here is the metricbeat.yml (Config): (removed most commented lines as they appears as bold and makes it hard to read)

###################### Metricbeat Configuration Example #######################

#========================== Modules configuration ============================

metricbeat.config.modules:
path: ${path.config}/modules.d/*.yml
#path: D:\APPL\ELK-Stack\metricbeat\modules.d\windows.yml

reload.enabled: false

#reload.period: 10s

#==================== Elasticsearch template setting ==========================

setup.template.settings:
index.number_of_shards: 1
index.codec: best_compression
#_source.enabled: false

#============================== Dashboards =====================================

#============================== Kibana =====================================

setup.kibana:

host: "localhost:5601"

#============================= Elastic Cloud ==================================

#================================ Outputs =====================================

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
hosts: ["localhost:9200"]

#----------------------------- Logstash output --------------------------------

#================================ Procesors =====================================

processors:

• add_host_metadata: ~
• add_cloud_metadata: ~

#================================ Logging =====================================

#============================== Xpack Monitoring ===============================

And here is the windows.yml:

• module: windows
  metricsets:
  • service
    period: 30s

Thanks for sharing. So far the log, config etc. all looks normal. Could you share a log file with -d "*" enabled (debug level). This will produce A LOT more output but I hope we can find something in there. What I hoping we find which file The system cannot find is referring to.

thanks for formatting the logfile at the top, how can I do that?
I will post it here anyway, over several replies as the limit of 7000 is exceeded

. . .
2019-01-18T13:30:58.261+0100 INFO instance/beat.go:592 Home path: [D:\APPL\ELK-Stack\metricbeat] Config path: [D:\APPL\ELK-Stack\metricbeat] Data path: [D:\APPL\ELK-Stack\metricbeat\metricbeat] Logs path: [D:\APPL\ELK-Stack\metricbeat\logs]
2019-01-18T13:30:58.267+0100 DEBUG [beat] instance/beat.go:629 Beat metadata path: D:\APPL\ELK-Stack\metricbeat\metricbeat\meta.json
2019-01-18T13:30:58.267+0100 INFO instance/beat.go:599 Beat UUID: e746496a-1e19-4454-85d3-e12a1af0ea60
2019-01-18T13:30:58.267+0100 DEBUG [seccomp] seccomp/seccomp.go:88 Syscall filtering is only supported on Linux
2019-01-18T13:30:58.267+0100 INFO [beat] instance/beat.go:825 Beat info {"system_info": {"beat": {"path": {"config": "D:\APPL\ELK-Stack\metricbeat", "data": "D:\APPL\ELK-Stack\metricbeat\metricbeat", "home": "D:\APPL\ELK-Stack\metricbeat", "logs": "D:\APPL\ELK-Stack\metricbeat\logs"}, "type": "metricbeat", "uuid": "e746496a-1e19-4454-85d3-e12a1af0ea60"}}}
2019-01-18T13:30:58.267+0100 INFO [beat] instance/beat.go:834 Build info {"system_info": {"build": {"commit": "6da316ebb3ba6ed57725b7fd7c21e598522855bf", "libbeat": "6.5.3", "time": "2018-12-06T19:03:14.000Z", "version": "6.5.3"}}}
2019-01-18T13:30:58.267+0100 INFO [beat] instance/beat.go:837 Go runtime info {"system_info": {"go": {"os":"windows","arch":"amd64","max_procs":8,"version":"go1.10.3"}}}
2019-01-18T13:30:58.274+0100 INFO [beat] instance/beat.go:841 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2019-01-13T09:41:49.64+01:00","name":"winxxxx-eappl","ip":["10.48.197.97/21","::1/128","127.0.0.1/8"],"kernel_version":"6.3.9600.19202 (winblue_ltsb.181110-0600)","mac":["00:50:56:85:35:d3"],"os":{"family":"windows","platform":"windows","name":"Windows Server 2012 R2 Standard","version":"6.3","major":3,"minor":0,"patch":0,"build":"9600.19206"},"timezone":"CET","timezone_offset_sec":3600,"id":"d58d7f5b-3376-4e54-bae9-7a799d8d9c71"}}}
2019-01-18T13:30:58.275+0100 INFO [beat] instance/beat.go:870 Process info {"system_info": {"process": {"cwd": "C:\WINDOWS\system32", "exe": "D:\APPL\ELK-Stack\metricbeat\metricbeat.exe", "name": "metricbeat.exe", "pid": 11952, "ppid": 592, "start_time": "2019-01-18T13:30:57.060+0100"}}}
2019-01-18T13:30:58.276+0100 INFO instance/beat.go:278 Setup Beat: metricbeat; Version: 6.5.3
2019-01-18T13:30:58.276+0100 DEBUG [beat] instance/beat.go:299 Initializing output plugins
2019-01-18T13:30:58.278+0100 DEBUG [filters] add_cloud_metadata/add_cloud_metadata.go:160 add_cloud_metadata: starting to fetch metadata, timeout=3s
2019-01-18T13:30:58.292+0100 DEBUG [filters] add_cloud_metadata/add_cloud_metadata.go:192 add_cloud_metadata: received disposition for qcloud after 14.166ms. result=[provider:qcloud, error=failed requesting qcloud metadata: Get http://metadata.tencentyun.com/meta-data/placement/zone: dial tcp: lookup metadata.tencentyun.com: no such host, metadata={}]
2019-01-18T13:31:01.292+0100 DEBUG [filters] add_cloud_metadata/add_cloud_metadata.go:192 add_cloud_metadata: received disposition for gce after 3.0145103s. result=[provider:gce, error=failed requesting gce metadata: Get http://169.254.169.254/computeMetadata/v1/?recursive=true&alt=json: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers), metadata={}]
2019-01-18T13:31:01.292+0100 DEBUG [filters] add_cloud_metadata/add_cloud_metadata.go:192 add_cloud_metadata: received disposition for digitalocean after 3.0145103s. result=[provider:digitalocean, error=failed requesting digitalocean metadata: Get http://169.254.169.254/metadata/v1.json: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers), metadata={}]
2019-01-18T13:31:01.293+0100 DEBUG [filters] add_cloud_metadata/add_cloud_metadata.go:192 add_cloud_metadata: received disposition for ecs after 3.0148059s. result=[provider:ecs, error=failed requesting ecs metadata: Get http://100.100.100.200/latest/meta-data/region-id: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers), metadata={}]
2019-01-18T13:31:01.293+0100 DEBUG [filters] add_cloud_metadata/add_cloud_metadata.go:199 add_cloud_metadata: timed-out waiting for all responses
2019-01-18T13:31:01.293+0100 DEBUG [filters] add_cloud_metadata/add_cloud_metadata.go:163 add_cloud_metadata: fetchMetadata ran for 3.0148059s
2019-01-18T13:31:01.293+0100 INFO add_cloud_metadata/add_cloud_metadata.go:319 add_cloud_metadata: hosting provider type not detected.
2019-01-18T13:31:01.293+0100 DEBUG [processors] processors/processor.go:66 Processors: add_host_metadata=[netinfo.enabled=[false]], add_cloud_metadata=null
2019-01-18T13:31:01.293+0100 INFO elasticsearch/client.go:163 Elasticsearch url: http://localhost:9200
2019-01-18T13:31:01.293+0100 DEBUG [publish] pipeline/consumer.go:137 start pipeline event consumer
2019-01-18T13:31:01.293+0100 INFO [publisher] pipeline/module.go:110 Beat name: winxxxx-eappl
2019-01-18T13:31:01.294+0100 DEBUG [modules] beater/metricbeat.go:103 Register [ModuleFactory:[docker, mongodb, mysql, postgresql, system, uwsgi, windows], MetricSetFactory:[aerospike/namespace, apache/status, ceph/cluster_disk, ceph/cluster_health, ceph/cluster_status, ceph/monitor_health, ceph/osd_df, ceph/osd_tree, ceph/pool_disk, couchbase/bucket, couchbase/cluster, couchbase/node, docker/container, docker/cpu, docker/diskio, docker/healthcheck, docker/image, docker/info, docker/memory, docker/network, dropwizard/collector, elasticsearch/ccr, elasticsearch/cluster_stats, elasticsearch/index, elasticsearch/index_recovery, elasticsearch/index_summary, elasticsearch/ml_job, elasticsearch/node, elasticsearch/node_stats, elasticsearch/pending_tasks, elasticsearch/shard, envoyproxy/server, etcd/leader, etcd/self, etcd/store, golang/expvar, golang/heap, graphite/server, haproxy/info, haproxy/stat, http/json, http/server, jolokia/jmx, kafka/consumergroup, kafka/partition, kibana/stats, kibana/status, kubernetes/a
. . .

piserver, kubernetes/container, kubernetes/event, kubernetes/node, kubernetes/pod, kubernetes/state_container, kubernetes/state_deployment, kubernetes/state_node, kubernetes/state_pod, kubernetes/state_replicaset, kubernetes/state_statefulset, kubernetes/system, kubernetes/volume, kvm/dommemstat, logstash/node, logstash/node_stats, memcached/stats, mongodb/collstats, mongodb/dbstats, mongodb/metrics, mongodb/replstatus, mongodb/status, munin/node, mysql/galera_status, mysql/status, nginx/stubstatus, php_fpm/pool, php_fpm/process, postgresql/activity, postgresql/bgwriter, postgresql/database, postgresql/statement, prometheus/collector, prometheus/stats, rabbitmq/connection, rabbitmq/exchange, rabbitmq/node, rabbitmq/queue, redis/info, redis/keyspace, system/core, system/cpu, system/diskio, system/filesystem, system/fsstat, system/memory, system/network, system/process, system/process_summary, system/raid, system/socket_summary, system/uptime, traefik/health, uwsgi/status, vsphere/datastore, vsphere/host, vsphere/virtualmachine, windows/perfmon, windows/service, zookeeper/mntr]]
2019-01-18T13:31:01.294+0100 INFO instance/beat.go:400 metricbeat start running.
2019-01-18T13:31:01.294+0100 INFO [monitoring] log/log.go:117 Starting metrics logging every 30s
2019-01-18T13:31:01.294+0100 DEBUG [cfgfile] cfgfile/reload.go:118 Checking module configs from: D:\APPL\ELK-Stack\metricbeat/modules.d/*.yml
2019-01-18T13:31:01.294+0100 DEBUG [service] service/service_windows.go:68 Windows is interactive: false
2019-01-18T13:31:01.294+0100 DEBUG [cfgfile] cfgfile/cfgfile.go:177 Load config from file: D:\APPL\ELK-Stack\metricbeat\modules.d\windows.yml
2019-01-18T13:31:01.294+0100 DEBUG [cfgfile] cfgfile/reload.go:132 Number of module configs found: 1
2019-01-18T13:31:01.294+0100 DEBUG [processors] processors/processor.go:66 Processors:
2019-01-18T13:31:01.297+0100 INFO helper/privileges_windows.go:79 Metricbeat process and system info: {"OSVersion":{"Major":6,"Minor":2,"Build":9200},"Arch":"amd64","NumCPU":8,"User":{"SID":"S-1-5-18","Account":"SYSTEM","Domain":"NT AUTHORITY","Type":1},"ProcessPrivs":{"SeAssignPrimaryTokenPrivilege":{"enabled":false},"SeAuditPrivilege":{"enabled_by_default":true,"enabled":true},"SeBackupPrivilege":{"enabled":false},"SeChangeNotifyPrivilege":{"enabled_by_default":true,"enabled":true},"SeCreateGlobalPrivilege":{"enabled_by_default":true,"enabled":true},"SeCreatePagefilePrivilege":{"enabled_by_default":true,"enabled":true},"SeCreatePermanentPrivilege":{"enabled_by_default":true,"enabled":true},"SeCreateSymbolicLinkPrivilege":{"enabled_by_default":true,"enabled":true},"SeDebugPrivilege":{"enabled_by_default":true,"enabled":true},"SeImpersonatePrivilege":{"enabled_by_default":true,"enabled":true},"SeIncreaseBasePriorityPrivilege":{"enabled_by_default":true,"enabled":true},"SeIncreaseQuotaPrivilege":{"enabled":false},"SeIncreaseWorkingSetPrivilege":{"enabled_by_default":true,"enabled":true},"SeLoadDriverPrivilege":{"enabled":false},"SeLockMemoryPrivilege":{"enabled_by_default":true,"enabled":true},"SeManageVolumePrivilege":{"enabled":false},"SeProfileSingleProcessPrivilege":{"enabled_by_default":true,"enabled":true},"SeRestorePrivilege":{"enabled":false},"SeSecurityPrivilege":{"enabled":false},"SeShutdownPrivilege":{"enabled":false},"SeSystemEnvironmentPrivilege":{"enabled":false},"SeSystemProfilePrivilege":{"enabled_by_default":true,"enabled":true},"SeSystemtimePrivilege":{"enabled":false},"SeTakeOwnershipPrivilege":{"enabled":false},"SeTcbPrivilege":{"enabled_by_default":true,"enabled":true},"SeTimeZonePrivilege":{"enabled_by_default":true,"enabled":true},"SeUndockPrivilege":{"enabled":false}}}
2019-01-18T13:31:01.297+0100 INFO helper/privileges_windows.go:87 SeDebugPrivilege is enabled. SeDebugPrivilege=(Default, Enabled)
2019-01-18T13:31:01.297+0100 WARN [cfgwarn] service/service.go:49 BETA: The windows service metricset is beta
2019-01-18T13:31:01.297+0100 INFO cfgfile/reload.go:150 Config reloader started
2019-01-18T13:31:01.297+0100 DEBUG [cfgfile] cfgfile/reload.go:176 Scan for new config files
2019-01-18T13:31:01.297+0100 DEBUG [cfgfile] cfgfile/cfgfile.go:177 Load config from file: D:\APPL\ELK-Stack\metricbeat\modules.d\windows.yml
2019-01-18T13:31:01.297+0100 DEBUG [cfgfile] cfgfile/reload.go:195 Number of module configs found: 1
2019-01-18T13:31:01.298+0100 DEBUG [reload] cfgfile/list.go:62 Starting reload procedure, current runners: 0
2019-01-18T13:31:01.298+0100 DEBUG [reload] cfgfile/list.go:80 Start list: 1, Stop list: 0
2019-01-18T13:31:01.298+0100 DEBUG [processors] processors/processor.go:66 Processors:
2019-01-18T13:31:01.298+0100 WARN [cfgwarn] service/service.go:49 BETA: The windows service metricset is beta
2019-01-18T13:31:01.298+0100 DEBUG [reload] cfgfile/list.go:101 Starting runner: windows [metricsets=1]
2019-01-18T13:31:01.298+0100 DEBUG [module] module/wrapper.go:117 Starting Wrapper[name=windows, len(metricSetWrappers)=1]
2019-01-18T13:31:01.298+0100 INFO cfgfile/reload.go:205 Loading of config files completed.
2019-01-18T13:31:01.298+0100 DEBUG [module] module/wrapper.go:179 Starting metricSetWrapper[module=windows, name=service, host=]
2019-01-18T13:31:01.345+0100 DEBUG [publish] pipeline/processor.go:308 Publish event: {

"@timestamp": "2019-01-18T12:31:01.298Z",
"@metadata": {
"beat": "metricbeat",
"type": "doc",
"version": "6.5.3"
},
"error": {
"message": "The system cannot find the file specified."
},
"beat": {
"name": "winxxxx-eappl",
"hostname": "winxxxx-eappl",
"version": "6.5.3"
},
"host": {
"id": "d58d7f5b-3376-4e54-bae9-7a799d8d9c71",
"name": "winxxxx-eappl",
"architecture": "x86_64",
"os": {
"family": "windows",
"build": "9600.19206",
"platform": "windows",
"version": "6.3"
}
},
"metricset": {
"name": "service",
"module": "windows",
"rtt": 47097
}
}

2019-01-18T13:31:02.345+0100 INFO pipeline/output.go:95 Connecting to backoff(elasticsearch(http://localhost:9200))
2019-01-18T13:31:02.345+0100 DEBUG [elasticsearch] elasticsearch/client.go:689 ES Ping(url=http://localhost:9200)
2019-01-18T13:31:02.350+0100 DEBUG [elasticsearch] elasticsearch/client.go:712 Ping status code: 200
2019-01-18T13:31:02.350+0100 INFO elasticsearch/client.go:713 Connected to Elasticsearch version 6.5.3
2019-01-18T13:31:02.350+0100 DEBUG [elasticsearch] elasticsearch/client.go:731 HEAD http://localhost:9200/_template/metricbeat-6.5.3
2019-01-18T13:31:02.354+0100 INFO template/load.go:129 Template already exists and will not be overwritten.
2019-01-18T13:31:02.354+0100 INFO pipeline/output.go:105 Connection to backoff(elasticsearch(http://localhost:9200)) established
2019-01-18T13:31:02.361+0100 DEBUG [elasticsearch] elasticsearch/client.go:321 PublishEvents: 1 events have been published to elasticsearch in 7.2263ms.
2019-01-18T13:31:02.361+0100 DEBUG [publisher] memqueue/ackloop.go:160 ackloop: receive ack [0: 0, 1]
2019-01-18T13:31:02.361+0100 DEBUG [publisher] memqueue/eventloop.go:535 broker ACK events: count=1, start-seq=1, end-seq=1

2019-01-18T13:31:02.361+0100 DEBUG [publisher] memqueue/ackloop.go:128 ackloop: return ack to broker loop:1
2019-01-18T13:31:02.361+0100 DEBUG [publisher] memqueue/ackloop.go:131 ackloop: done send ack

2019-01-18T13:31:31.397+0100 DEBUG [publish] pipeline/processor.go:308 Publish event: {
"@timestamp": "2019-01-18T12:31:31.346Z",
"@metadata": {
"beat": "metricbeat",
"type": "doc",
"version": "6.5.3"
},
"beat": {
"version": "6.5.3",
"name": "winxxxx-eappl",
"hostname": "winxxxx-eappl"
},
"host": {
"name": "winxxxx-eappl",
"os": {
"family": "windows",
"build": "9600.19206",
"platform": "windows",
"version": "6.3"
},
"id": "d58d7f5b-3376-4e54-bae9-7a799d8d9c71",
"architecture": "x86_64"
},
"metricset": {
"name": "service",
"module": "windows",
"rtt": 51003
},
"error": {
"message": "The system cannot find the file specified."
}
}

2019-01-18T13:31:31.490+0100 INFO [monitoring] log/log.go:144 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":140,"time":{"ms":140}},"total":{"ticks":468,"time":{"ms":468},"value":468},"user":{"ticks":328,"time":{"ms":328}}},"handles":{"open":232},"info":{"ephemeral_id":"6f9b64b7-6ffd-475e-97b7-1bac8708ba7f","uptime":{"ms":33879}},"memstats":{"gc_next":5731312,"memory_alloc":3397904,"memory_total":9685056,"rss":28291072}},"libbeat":{"config":{"module":{"running":0},"reloads":1},"output":{"events":{"acked":1,"batches":1,"total":1},"read":{"bytes":833},"type":"elasticsearch","write":{"bytes":936}},"pipeline":{"clients":2,"events":{"active":0,"published":1,"retry":1,"total":1},"queue":{"acked":1}}},"metricbeat":{"windows":{"service":{"events":2,"failures":2}}},"system":{"cpu":{"cores":8}}}}}
2019-01-18T13:31:32.407+0100 DEBUG [elasticsearch] elasticsearch/client.go:321 PublishEvents: 1 events have been published to elasticsearch in 7.9512ms.
2019-01-18T13:31:32.407+0100 DEBUG [publisher] memqueue/ackloop.go:160 ackloop: receive ack [1: 0, 1]
2019-01-18T13:31:32.407+0100 DEBUG [publisher] memqueue/eventloop.go:535 broker ACK events: count=1, start-seq=2, end-seq=2

2019-01-18T13:31:32.407+0100 DEBUG [publisher] memqueue/ackloop.go:128 ackloop: return ack to broker loop:1
2019-01-18T13:31:32.407+0100 DEBUG [publisher] memqueue/ackloop.go:131 ackloop: done send ack
2019-01-18T13:32:01.307+0100 INFO [monitoring] log/log.go:144 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":140},"total":{"ticks":468,"value":468},"user":{"ticks":328}},"handles":{"open":232},"info":{"ephemeral_id":"6f9b64b7-6ffd-475e-97b7-1bac8708ba7f","uptime":{"ms":63882}},"memstats":{"gc_next":5731312,"memory_alloc":3898896,"memory_total":10186048,"rss":1642496}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":1,"batches":1,"total":1},"read":{"bytes":333},"write":{"bytes":690}},"pipeline":{"clients":2,"events":{"active":0,"published":1,"total":1},"queue":{"acked":1}}}}}}
2019-01-18T13:32:01.393+0100 DEBUG [publish] pipeline/processor.go:308 Publish event: {
"@timestamp": "2019-01-18T12:32:01.347Z",
"@metadata": {
"beat": "metricbeat",
"type": "doc",
"version": "6.5.3"
},
"metricset": {
"name": "service",
"module": "windows",
"rtt": 46000
},
"error": {
"message": "The system cannot find the file specified."
},
"beat": {
"name": "winxxxx-eappl",
"hostname": "winxxxx-eappl",
"version": "6.5.3"
},
"host": {
"name": "winxxxx-eappl",
"architecture": "x86_64",
"os": {
"platform": "windows",
"version": "6.3",
"family": "windows",
"build": "9600.19206"
},
"id": "d58d7f5b-3376-4e54-bae9-7a799d8d9c71"
}
}

2019-01-18T13:32:02.406+0100 DEBUG [elasticsearch] elasticsearch/client.go:321 PublishEvents: 1 events have been published to elasticsearch in 7.7939ms.
2019-01-18T13:32:02.406+0100 DEBUG [publisher] memqueue/ackloop.go:160 ackloop: receive ack [2: 0, 1]
2019-01-18T13:32:02.406+0100 DEBUG [publisher] memqueue/eventloop.go:535 broker ACK events: count=1, start-seq=3, end-seq=3

2019-01-18T13:32:02.406+0100 DEBUG [publisher] memqueue/ackloop.go:128 ackloop: return ack to broker loop:1
2019-01-18T13:32:02.406+0100 DEBUG [publisher] memqueue/ackloop.go:131 ackloop: done send ack
2019-01-18T13:32:25.856+0100 DEBUG [service] service/service.go:57 Received svc stop/shutdown request
2019-01-18T13:32:25.856+0100 INFO cfgfile/reload.go:208 Dynamic config reloader stopped
2019-01-18T13:32:25.856+0100 INFO [reload] cfgfile/list.go:118 Stopping 1 runners ...
2019-01-18T13:32:25.856+0100 DEBUG [reload] cfgfile/list.go:129 Stopping runner: windows [metricsets=1]
2019-01-18T13:32:25.856+0100 DEBUG [publish] pipeline/client.go:148 client: closing acker
2019-01-18T13:32:25.856+0100 DEBUG [publish] pipeline/client.go:150 client: done closing acker
2019-01-18T13:32:25.856+0100 DEBUG [publish] pipeline/client.go:154 client: cancelled 0 events
2019-01-18T13:32:25.856+0100 DEBUG [module] module/wrapper.go:202 Stopped metricSetWrapper[module=windows, name=service, host=]
2019-01-18T13:32:25.856+0100 DEBUG [module] module/wrapper.go:145 Stopped Wrapper[name=windows, len(metricSetWrappers)=1]
2019-01-18T13:32:25.856+0100 DEBUG [reload] cfgfile/list.go:131 Stopped runner: windows [metricsets=1]
2019-01-18T13:32:25.857+0100 INFO [monitoring] log/log.go:152 Total non-zero metrics {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":234,"time":{"ms":234}},"total":{"ticks":624,"time":{"ms":624},"value":624},"user":{"ticks":390,"time":{"ms":390}}},"handles":{"open":230},"info":{"ephemeral_id":"6f9b64b7-6ffd-475e-97b7-1bac8708ba7f","uptime":{"ms":88431}},"memstats":{"gc_next":5731312,"memory_alloc":4383304,"memory_total":10670456,"rss":29933568}},"libbeat":{"config":{"module":{"running":0},"reloads":1},"output":{"events":{"acked":3,"batches":3,"total":3},"read":{"bytes":1500},"type":"elasticsearch","write":{"bytes":2316}},"pipeline":{"clients":1,"events":{"active":0,"published":3,"retry":1,"total":3},"queue":{"acked":3}}},"metricbeat":{"windows":{"service":{"events":3,"failures":3}}},"system":{"cpu":{"cores":8}}}}}
2019-01-18T13:32:25.857+0100 INFO [monitoring] log/log.go:153 Uptime: 1m28.4323398s
2019-01-18T13:32:25.857+0100 INFO [monitoring] log/log.go:130 Stopping metrics logging.
2019-01-18T13:32:25.857+0100 INFO instance/beat.go:410 metricbeat stopped.

For some weird reason, it now works. I can only assume that all reboots over the weekend fixed it.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.