Hi, and thanks in advance for your help. I am having the following issue when starting Filebeat on my Ubuntu 18.04 machine:
```
filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
   Loaded: loaded (/lib/systemd/system/filebeat.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2020-02-20 14:00:31 UTC; 16h ago
     Docs: https://www.elastic.co/products/beats/filebeat
  Process: 26944 ExecStart=/usr/share/filebeat/bin/filebeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS (code=exited, status=1/FAILURE)
 Main PID: 26944 (code=exited, status=1/FAILURE)

feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Service hold-off time over, scheduling restart.
feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Scheduled restart job, restart counter is at 5.
feb 20 14:00:31 _91_ansible systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Start request repeated too quickly.
feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Failed with result 'exit-code'.
feb 20 14:00:31 _91_ansible systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..
```
As the error clearly said, it seems as if I am defining my filebeat.yml to output to both Elasticsearch and Logstash. In fact, as my filebeat.yml at /etc/filebeat/filebeat.yml is defined, that's not true:
```yaml
#=====================Prospector Setup =======================================
filebeat.prospectors:
- type: log
  enabled: true
  paths: ["/tmp/osquery_result"]
  json.keys_under_root: true

#============================= Filebeat modules ===============================
filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml
  # Set to true to enable config reloading
  reload.enabled: false
  # Period on which files under path should be checked for changes
  #reload.period: 10s

#==================== Elasticsearch template setting ==========================
setup.template.settings:
  index.number_of_shards: 3
  #index.codec: best_compression
  #_source.enabled: false

#================================ Outputs =====================================
#output.elasticsearch:
#  hosts: ["192.168.XX.XX:9200"]
#  username: "XXXXXX"
#  password: "XXXXX"

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]
  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/logstash-forwarder.crt"]
  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"
```
Thanks all for any help you may provide. I have tested a lot of different things but none of them work out.