I am trying to run packetbeat in centos 7, while running I am getting the below error

[root@packetbeat]# cat /var/log/packetbeat/packetbeat
2016-11-23T11:50:50+04:00 INFO Setup Beat: packetbeat; Version: 5.0.1
2016-11-23T11:50:50+04:00 INFO Loading template enabled. Reading template file: /etc/packetbeat/packetbeat.template.json
2016-11-23T11:50:50+04:00 INFO Loading template enabled for Elasticsearch 2.x. Reading template file: /etc/packetbeat/packetbeat.template-es2x.json
2016-11-23T11:50:50+04:00 ERR failed to initialize elasticsearch plugin as output: missing required field accessing 'output.elasticsearch.hosts'
2016-11-23T11:50:50+04:00 CRIT Exiting: error initializing publisher: missing required field accessing 'output.elasticsearch.hosts'

in my packetbeat.yml I have specified elasticsearch

output.elasticsearch:

Array of hosts to connect to.

hosts: ["x.x.x.x:xxxx"]

I am not sure what I am missing, any idea?

the config file format (yaml) is sensitive to use of spaces and tabs. Looks like you did not indent hosts correctly.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.