Unable to start FileBeat "sends log files to Logstash or directly to Elasticsearch"

Hi, and thanks in advance for your help. I am having the following issue when starting FileBeat on my Ubuntu 18.04 machine:

    filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
       Loaded: loaded (/lib/systemd/system/filebeat.service; disabled; vendor preset: enabled)
       Active: failed (Result: exit-code) since Thu 2020-02-20 14:00:31 UTC; 16h ago
         Docs: https://www.elastic.co/products/beats/filebeat
      Process: 26944 ExecStart=/usr/share/filebeat/bin/filebeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS (code=exited, status=1/FAILURE)
     Main PID: 26944 (code=exited, status=1/FAILURE)

    feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Service hold-off time over, scheduling restart.
    feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Scheduled restart job, restart counter is at 5.
    feb 20 14:00:31 _91_ansible systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
    feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Start request repeated too quickly.
    feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Failed with result 'exit-code'.
    feb 20 14:00:31 _91_ansible systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..

As the error clearly says, it seems that I am defining my filebeat.yml to output to both Elasticsearch and Logstash. In fact, as my filebeat.yml at /etc/filebeat/filebeat.yml is defined, that's not true:

    #=====================Prospector Setup =======================================
    filebeat.prospectors:
    - type: log
      enabled: true
      paths: ["/tmp/osquery_result"]
      json.keys_under_root: true

    #============================= Filebeat modules ===============================

    filebeat.config.modules:
      # Glob pattern for configuration loading
      path: ${path.config}/modules.d/*.yml

      # Set to true to enable config reloading
      reload.enabled: false

      # Period on which files under path should be checked for changes
      #reload.period: 10s

    #==================== Elasticsearch template setting ==========================

    setup.template.settings:
      index.number_of_shards: 3
      #index.codec: best_compression
      #_source.enabled: false

    #================================ Outputs =====================================

      #output.elasticsearch:
      #     hosts: ["192.168.XX.XX:9200"]
      #     username: "XXXXXX"
      #     password: "XXXXX"

      #----------------------------- Logstash output --------------------------------
    output.logstash:
      # The Logstash hosts
      hosts: ["localhost:5044"]

      # Optional SSL. By default is off.
      # List of root certificates for HTTPS server verifications
      #ssl.certificate_authorities: ["/etc/pki/root/logstash-forwarder.crt"]

      # Certificate for SSL client authentication
      #ssl.certificate: "/etc/pki/client/cert.pem"

Thanks all for any help you may provide. I have tested a lot of different things but none of them worked out.
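
A small triage of the material in the post, as an added example that is not part of the original thread: it groups the pasted journal lines by the process that wrote them, counts the lines where systemd only repeats the unit's description string, and lists the uncommented `output.*` keys in the config. The function names are hypothetical; the journal lines are copied from the post, and the config is shortened to its output keys.

```python
import re
from collections import Counter

# Journal lines copied from the post; CONFIG is the post's output section, shortened.
JOURNAL = """\
feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Service hold-off time over, scheduling restart.
feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Scheduled restart job, restart counter is at 5.
feb 20 14:00:31 _91_ansible systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Start request repeated too quickly.
feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Failed with result 'exit-code'.
feb 20 14:00:31 _91_ansible systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..
"""
CONFIG = """\
  #output.elasticsearch:
  #     hosts: ["192.168.XX.XX:9200"]
output.logstash:
  hosts: ["localhost:5044"]
"""
# Unit description as shown on the first line of the status output.
DESCRIPTION = "Filebeat sends log files to Logstash or directly to Elasticsearch."

SYSLOG = re.compile(r"^\S+ +\d+ [\d:]+ \S+ (?P<ident>[^\[:\s]+)(?:\[\d+\])?: (?P<msg>.*)$")

def journal_sources(text):
    """Count journal lines per emitting process (systemd, filebeat, ...)."""
    return Counter(m["ident"] for m in map(SYSLOG.match, text.splitlines()) if m)

def description_echoes(text, description):
    """Lines in which systemd repeats the unit's description string."""
    return [line for line in text.splitlines() if description in line]

def active_outputs(config):
    """Names of uncommented top-level output.<name> keys (dotted form only)."""
    return re.findall(r"^output\.([A-Za-z_]+)\s*:", config, flags=re.M)

def triage(journal, config, description):
    src = journal_sources(journal)
    return {
        "sources": dict(src),
        "beat_lines": src.get("filebeat", 0),  # lines written by Filebeat itself
        "echoes": len(description_echoes(journal, description)),
        "outputs": active_outputs(config),
    }

if __name__ == "__main__":
    print(triage(JOURNAL, CONFIG, DESCRIPTION))
```

Every pasted line comes from `systemd[1]`, so Filebeat's own exit message is not in the excerpt; `journalctl -u filebeat` or `filebeat test config -c /etc/filebeat/filebeat.yml` would show it.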
