Elasticsearch filebeat failed to start


I have been struggling for quite some time with my Filebeat setup.

I have installed Filebeat 7.10 on an Ubuntu instance. Somehow part of the logs were sent to my cluster, but now when I check the systemctl status it always says failed, regardless of how many things I have tried.

root@ip-172-31-35-75:/var/log/filebeat# systemctl status filebeat
× filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
     Loaded: loaded (/lib/systemd/system/filebeat.service; disabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Fri 2023-06-09 09:13:30 UTC; 839ms ago
       Docs: https://www.elastic.co/products/beats/filebeat
    Process: 267824 ExecStart=/usr/share/filebeat/bin/filebeat --environment systemd $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS (code=exited, status=2)
   Main PID: 267824 (code=exited, status=2)
        CPU: 141ms

Jun 09 09:13:30 ip-172-31-35-75 systemd[1]: filebeat.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 09 09:13:30 ip-172-31-35-75 systemd[1]: filebeat.service: Failed with result 'exit-code'.
Jun 09 09:13:30 ip-172-31-35-75 systemd[1]: filebeat.service: Scheduled restart job, restart counter is at 5.
Jun 09 09:13:30 ip-172-31-35-75 systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
Jun 09 09:13:30 ip-172-31-35-75 systemd[1]: filebeat.service: Start request repeated too quickly.
Jun 09 09:13:30 ip-172-31-35-75 systemd[1]: filebeat.service: Failed with result 'exit-code'.
Jun 09 09:13:30 ip-172-31-35-75 systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..
root@ip-172-31-35-75:/var/log/filebeat#

This is my filebeat.yml configuration:

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /home/ubuntu/.pm2/logs/*.log

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

<!-- setup.template.settings:
  index.number_of_shards: 1
  #index.codec: best_compression
  #_source.enabled: false -->

setup.kibana:
  host: "http://*****5601"

output.elasticsearch:
  hosts: ["http://****9200"]
    #protocol: "https"
  username: ""
  password: ""

processors:
  - decode_json_fields:
      fields: ["message"]
      target: ""
      overwrite_keys: true



setup.ilm.enabled: false
setup.pack.security.enabled: false
setup.xpack.graph.enabled: false
setup.xpack.watcher.enabled: false
setup.xpack.monitoring.enabled: false
setup.xpack.reporting.enabled: false


logging.level: debug
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

Additionally, I do not see any errors in /var/log/filebeat:

root@ip-172-31-35-75:/var/log/filebeat# cat filebeat
2023-06-09T09:13:30.293Z    INFO    instance/beat.go:645    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2023-06-09T09:13:30.293Z    DEBUG   [beat]  instance/beat.go:697    Beat metadata path: /var/lib/filebeat/meta.json
2023-06-09T09:13:30.293Z    INFO    instance/beat.go:653    Beat ID: 4cee4800-191d-4e30-88ae-c4a79cdc579d
2023-06-09T09:13:30.294Z    DEBUG   [processors]    processors/processor.go:120 Generated new processors: decode_json_fields=message
2023-06-09T09:13:30.294Z    DEBUG   [seccomp]   seccomp/seccomp.go:117  Loading syscall filter  {"seccomp_filter": {"no_new_privs":true,"flag":"tsync","policy":{"default_action":"errno","syscalls":[{"names":["accept","accept4","access","arch_prctl","bind","brk","chmod","chown","clock_gettime","clone","close","connect","dup","dup2","epoll_create","epoll_create1","epoll_ctl","epoll_pwait","epoll_wait","exit","exit_group","fchdir","fchmod","fchmodat","fchown","fchownat","fcntl","fdatasync","flock","fstat","fstatfs","fsync","ftruncate","futex","getcwd","getdents","getdents64","geteuid","getgid","getpeername","getpid","getppid","getrandom","getrlimit","getrusage","getsockname","getsockopt","gettid","gettimeofday","getuid","inotify_add_watch","inotify_init1","inotify_rm_watch","ioctl","kill","listen","lseek","lstat","madvise","mincore","mkdirat","mmap","mprotect","munmap","nanosleep","newfstatat","open","openat","pipe","pipe2","poll","ppoll","pread64","pselect6","pwrite64","read","readlink","readlinkat","recvfrom","recvmmsg","recvmsg","rename","renameat","rt_sigaction","rt_sigprocmask","rt_sigreturn","sched_getaffinity","sched_yield","sendfile","sendmmsg","sendmsg","sendto","set_robust_list","setitimer","setsockopt","shutdown","sigaltstack","socket","splice","stat","statfs","sysinfo","tgkill","time","tkill","uname","unlink","unlinkat","wait4","waitid","write","writev"],"action":"allow"}]}}}
2023-06-09T09:13:30.294Z    INFO    [seccomp]   seccomp/seccomp.go:124  Syscall filter successfully installed
2023-06-09T09:13:30.294Z    INFO    [beat]  instance/beat.go:981    Beat info   {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "4cee4800-191d-4e30-88ae-c4a79cdc579d"}}}
2023-06-09T09:13:30.294Z    INFO    [beat]  instance/beat.go:990    Build info  {"system_info": {"build": {"commit": "1428d58cf2ed945441fb2ed03961cafa9e4ad3eb", "libbeat": "7.10.0", "time": "2020-11-09T19:57:04.000Z", "version": "7.10.0"}}}
2023-06-09T09:13:30.294Z    INFO    [beat]  instance/beat.go:993    Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":2,"version":"go1.14.7"}}}
2023-06-09T09:13:30.294Z    INFO    [beat]  instance/beat.go:997    Host info   {"system_info": {"host": {"architecture":"x86_64","boot_time":"2023-04-24T15:51:50Z","containerized":false,"name":"ip-172-31-35-75","ip":["127.0.0.1/8","::1/128","172.31.35.75/20","fe80::8bf:3fff:fe77:62c/64"],"kernel_version":"5.19.0-1023-aws","mac":["0a:bf:3f:77:06:2c"],"os":{"family":"debian","platform":"ubuntu","name":"Ubuntu","version":"22.04.2 LTS (Jammy Jellyfish)","major":22,"minor":4,"patch":2,"codename":"jammy"},"timezone":"UTC","timezone_offset_sec":0,"id":"ec2d83d9dbbd59eb7af1e043bc0e6dc5"}}}
2023-06-09T09:13:30.295Z    INFO    [beat]  instance/beat.go:1026   Process info    {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read","38","39","40"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read","38","39","40"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read","38","39","40"],"ambient":null}, "cwd": "/", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 267824, "ppid": 1, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2023-06-09T09:13:29.780Z"}}}
2023-06-09T09:13:30.295Z    INFO    instance/beat.go:299    Setup Beat: filebeat; Version: 7.10.0
2023-06-09T09:13:30.295Z    DEBUG   [beat]  instance/beat.go:325    Initializing output plugins
2023-06-09T09:13:30.295Z    INFO    eslegclient/connection.go:99    elasticsearch url: http://35.178.63.225:9200
2023-06-09T09:13:30.295Z    DEBUG   [publisher] pipeline/consumer.go:148    start pipeline event consumer
2023-06-09T09:13:30.295Z    INFO    [publisher] pipeline/module.go:113  Beat name: ip-172-31-35-75
2023-06-09T09:13:30.296Z    INFO    [monitoring]    log/log.go:118  Starting metrics logging every 30s
2023-06-09T09:13:30.296Z    INFO    instance/beat.go:455    filebeat start running.
2023-06-09T09:13:30.296Z    DEBUG   [test]  registrar/migrate.go:304    isFile(/var/lib/filebeat/registry) -> false
2023-06-09T09:13:30.296Z    DEBUG   [test]  registrar/migrate.go:304    isFile() -> false
2023-06-09T09:13:30.296Z    DEBUG   [test]  registrar/migrate.go:297    isDir(/var/lib/filebeat/registry/filebeat) -> true

Please let me know if you have any idea what could be wrong and where.
