4

I don't understand how to run Filebeat so that it sends output to Elasticsearch.

This is from the filebeat.yml file:

```yaml
- input_type: log

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/nginx/access.log

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]
  index: 'filebeat_nginx'
```

Elasticsearch is up and running.

Now, how do I run Filebeat to send the log info to Elasticsearch?

If I go to the bin directory of Filebeat and run this command,

```
luvpreet@DHARI-Inspiron-3542:/usr/share/filebeat/bin$ sudo ./filebeat -configtest -e
```

then it shows:

```
filebeat2017/04/19 06:54:22.450440 beat.go:339: CRIT Exiting: error loading config file: stat filebeat.yml: no such file or directory
Exiting: error loading config file: stat filebeat.yml: no such file or directory
```

The filebeat.yml file is in the /etc/filebeat folder. How do I run it? Please clarify the process to run this with Elasticsearch.

Luv33preet
  • May I ask why this went from a Grafana question to a Filebeat one? Why not create a new one? – Val Apr 19 '17 at 07:08
  • 1
    You're missing `-c /etc/filebeat/filebeat.yml` on your command line – Val Apr 19 '17 at 07:10
  • Yeah, they were telling me that you are at risk of being blocked. So I did not ask a new question; instead I modified my previous one. – Luv33preet Apr 19 '17 at 07:12
  • Did it work by adding the additional switch on the command line? – Val Apr 19 '17 at 09:00
  • Actually I installed it as dbm, so I needed to change the directory, `cd /usr/bin`, then run that command. Also, I added the template json to Elasticsearch. Then it worked. – Luv33preet Apr 19 '17 at 09:02
  • You should add an answer so you can gain your rep back :-) – Val Apr 20 '17 at 12:09

3 Answers

3

A typical filebeat command looks like this:

```
/usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml \
-path.home /usr/share/filebeat -path.config /etc/filebeat \
-path.data /var/lib/filebeat -path.logs /var/log/filebeat
```

`-c` indicates your config file, as noted in the comments above. `path.home` is your scripts. `path.config` contains config files. `path.data` is where state is maintained. `path.logs` is where the filebeat process will log.

Paul Back
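Added example (not part of the original answer or of Filebeat itself): a POSIX shell wrapper around the command above that checks the config file before invoking Filebeat, passes every path explicitly so the result does not depend on the current directory, and only starts shipping if `-configtest` passes. The function names and `FB_*` variables are hypothetical; the default paths are the ones quoted in this answer.

```shell
#!/bin/sh
# Added example: pre-flight wrapper for Filebeat. Defaults are the paths
# quoted in the answer; the FB_* names are assumptions of this example.
FB_BIN="${FB_BIN:-/usr/share/filebeat/bin/filebeat}"
FB_CONFIG="${FB_CONFIG:-/etc/filebeat/filebeat.yml}"
FB_HOME="${FB_HOME:-/usr/share/filebeat}"
FB_DATA="${FB_DATA:-/var/lib/filebeat}"
FB_LOGS="${FB_LOGS:-/var/log/filebeat}"

# fb_preflight: fail early, with a specific message and exit code, on the
# conditions that otherwise surface as
# "error loading config file: stat filebeat.yml: no such file or directory".
fb_preflight() {
    command -v "$FB_BIN" >/dev/null 2>&1 ||
        { echo "filebeat binary not found or not executable: $FB_BIN" >&2; return 2; }
    [ -f "$FB_CONFIG" ] || { echo "config file not found: $FB_CONFIG" >&2; return 3; }
    [ -r "$FB_CONFIG" ] || { echo "config file not readable: $FB_CONFIG" >&2; return 4; }
    return 0
}

# fb_run: invoke filebeat with absolute paths for config, home, data and logs.
# Extra arguments are passed through, e.g. "-configtest -e" to validate only.
fb_run() {
    fb_preflight || return $?
    "$FB_BIN" -c "$FB_CONFIG" \
        -path.home "$FB_HOME" -path.config "$(dirname "$FB_CONFIG")" \
        -path.data "$FB_DATA" -path.logs "$FB_LOGS" "$@"
}

# fb_start: validate the configuration first; start only if validation passes.
fb_start() {
    fb_run -configtest -e || { echo "config test failed; not starting" >&2; return 1; }
    fb_run -e
}

# Run as: sudo sh this_script.sh start
if [ "${1:-}" = "start" ]; then
    fb_start
fi
```

Sourcing the file instead gives an interactive shell `fb_run -configtest -e` for validating edits to filebeat.yml without starting the shipper.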
0

If you have made the necessary arrangements in the /etc/filebeat/filebeat.yml file, you can use the command `service filebeat start`. After the service is started, you can control the service with the command `service filebeat status`. If there is an error, you can see the errors.

Halil
0

1. If you have installed the rpm package, you will have the /etc/filebeat/filebeat.yml file. Edit the file to send the output to Elasticsearch and start it using the command `/etc/init.d/filebeat start`.
2. If you have downloaded the binary and installed it, you can use the command `Downloads/filebeat-5.4.0-darwin-x86_64/filebeat -e -c location_to_your_filebeat.yml`.