Tried to start filebeat error was generated


(roger vaede) #1

I installed the components of ELK and when I tried to start the service filebeat I received this error:

outputs.go:113: ERR failed to initialize elasticsearch plugin as output: no host configuration found
Error Initialising publisher: no host configuration found

I have installed elasticsearch-2.2 and filebeat.x86_64 ( 1.1.1-1)

Thanks


(Magnus B├Ąck) #2

Judging by the error I'd say your configuration is missing a host configuration for the elasticsearch output. This should be easy to correct. Keep in mind that YAML are sensitive to indentation so be careful with your spaces.

If you need further help you need to post your configuration file. Make sure you format it as code using the </> button.


(roger vaede) #3
################### Filebeat Configuration Example #########################

filebeat:
  # List of prospectors to fetch data.
  prospectors:
    # Each - is a prospector. Below are the prospector specific configurations
    -
      # Paths that should be crawled and fetched. Glob based paths.
      # To fetch all ".log" files from a specific level of subdirectories
      # /var/log/*/*.log can be used.
      # For each file found under this path, a harvester is started.
      # Make sure not file is defined twice as this can lead to unexpected behaviour.
      paths:
        - /var/log/secure
        - /var/log/messages
#        - /var/log/*.log

        #- c:\programdata\elasticsearch\logs\*

      #encoding: plain

      # * stdin: Reads the standard in
      input_type: log


      # Exclude files. A list of regular expressions to match. Filebeat drops the files that
      # are matching any regular expression from the list. By default, no files are dropped.
      # exclude_files: [".gz$"]

  # Optional additional fields. These field can be freely picked
      # to add additional information to the crawled log files for filtering
      #fields:
      #  level: debug
      #  review: 1

      document_type: syslog


  # General filebeat configuration options

  # Event count spool threshold - forces network flush if exceeded
  #spool_size: 2048

  # Defines how often the spooler is flushed. After idle_timeout the spooler is
  # Flush even though spool_size is not reached.
  #idle_timeout: 5s

  # Name of the registry file. Per default it is put in the current working
  # directory. In case the working directory is changed after when running
  # filebeat again, indexing starts from the beginning again.
  registry_file: /var/lib/filebeat/registry

  # Full Path to directory with additional prospector configuration files. Each file must end with .yml
  # These config files must have the full filebeat config part inside, but only
  # the prospector part is processed. All global options like spool_size are ignored.
  # The config_dir MUST point to a different directory then where the main filebeat config file is in.
  #config_dir:

###############################################################################
############################# Libbeat Config ##################################
# Base config file used by all other beats for using libbeat features

############################# Output ##########################################

# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.
output:

  ### Elasticsearch as output
  elasticsearch:
#  enabled: false

  ### Logstash as output
  logstash:
    # The Logstash hosts
#    hosts: ["cba-vml-ops-elk01:5044"]
    hosts: ["172.22.17.62:5044"]
    bulk_max_size: 1024

    # Number of workers per Logstash host.
    #worker: 1

    # Set gzip compression level.
    #compression_level: 3

    # Optional load balance the events between the Logstash hosts
    #loadbalance: true

    # Optional index name. The default index name depends on the each beat

  # For Packetbeat, the default is set to packetbeat, for Topbeat
    # top topbeat and for Filebeat to filebeat.
    #index: filebeat

    # Optional TLS. By default is off.
    tls:
      # List of root certificates for HTTPS server verifications
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

      # Certificate for TLS client authentication
      #certificate: "/etc/pki/client/cert.pem"

      # Client Certificate Key
      #certificate_key: "/etc/pki/client/cert.key"

      # Controls whether the client verifies server certificates and host name.
      # If insecure is set to true, all server host names and certificates will be
      # accepted. In this mode TLS based connections are susceptible to
      # man-in-the-middle attacks. Use only for testing.
      #insecure: true

      # Configure cipher suites to be used for TLS connections
      #cipher_suites: []

      # Configure curve types for ECDHE based cipher suites
      #curve_types: []


  ### File as output
  #file:
    # Path to the directory where to save the generated files. The option is mandatory.
    #path: "/tmp/filebeat"

    # Name of the generated files. The default is `filebeat` and it generates files: `filebeat`, `filebeat.1`, `filebeat.2`, etc.
    #filename: filebeat

    # Maximum size in kilobytes of each file. When this size is reached, the files are
    # rotated. The default value is 10 MB.
    #rotate_every_kb: 10000

    # Maximum number of files under path. When this number of files is reached, the
    # oldest file is deleted and the rest are shifted from last to first. The default
    # is 7 files.
    #number_of_files: 7


  ### Console output
  # console:
    # Pretty print json event

(Andrew Kroh) #4

You left the elasticsearch output in your config file. So you have configured both elasticsearch and logstash as outputs, but the elasticsearch output's configuration is incomplete, hence the error you received.

Comment out the elasticsearch: line.


(roger vaede) #5

Well done. Thank you very much that fixed it. This was my first installation.


(system) #6