I am trying to send topbeat logs from a Centos7 on virtualbox to an ELK stack running on the local machine. When I run sudo /etc/init.d/topbeat start from the terminal, I get the message:
Starting topbeat (via systemctl): [OK]
with no other logs and it returns immediately to the command line. I have run topbeat successfully on the local machine (Mac OSX) and have logged CPU usage and such all the way to Kibana. Any idea why Topbeat is immediately exiting?
The Getting Started guide recommends that you test the configuration before starting the service. Did you do a config test?
If the config test passes, then run Topbeat in the foreground instead of as a service and see if there are any errors. See Troubleshooting.
Thanks, I did not realize it was running in the background. It is now sending logs to logstash, but outside of the VM, on the local machine, logstash is not receiving any of the events that are being sent. In my topbeat.yml file the only output lines I have are:
# The Logstash hosts
hosts: ["ip of host machine and port number 5044"]
# Number of workers per Logstash host.
In the logstash .conf file the only input lines I have are:
port => 5044
I am not sure what else I need to complete the pipeline.
Turns out that I had not set the time on the VM so I was looking at the current time in Kibana but the timestamp of the logs was hours in the future so it was not showing up. Thanks for the help!