在此先感谢您的帮助,在mi Ubuntu18.04计算机上启动FIleBeat时遇到以下问题:
`filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
Loaded: loaded (/lib/systemd/system/filebeat.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2020-02-20 14:00:31 UTC; 16h ago
Docs: https://www.elastic.co/products/beats/filebeat
Process: 26944 ExecStart=/usr/share/filebeat/bin/filebeat $BEAT_LOG_OPTS $BEAT_CONFIG_OPTS $BEAT_PATH_OPTS (code=exited, status=1/FAILURE)
Main PID: 26944 (code=exited, status=1/FAILURE)
feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Service hold-off time over, scheduling restart.
feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Scheduled restart job, restart counter is at 5.
feb 20 14:00:31 _91_ansible systemd[1]: Stopped Filebeat sends log files to Logstash or directly to Elasticsearch..
feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Start request repeated too quickly.
feb 20 14:00:31 _91_ansible systemd[1]: filebeat.service: Failed with result 'exit-code'.
feb 20 14:00:31 _91_ansible systemd[1]: Failed to start Filebeat sends log files to Logstash or directly to Elasticsearch..
`
正如错误明确指出的那样,似乎是在我定义filebeat.yml以便输出到elasticsearch和logstash时。实际上,正如我在/etc/filebeat/filebeat.yml中的filebeat.yml定义的那样,那不是真的:
#=====================Prospector Setup =======================================
filebeat.prospectors:
- type: log
enabled: true
paths: ["/tmp/osquery_result"]
json.keys_under_root: true
#============================= Filebeat modules ===============================
filebeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# Set to true to enable config reloading
reload.enabled: false
# Period on which files under path should be checked for changes
#reload.period: 10s
#==================== Elasticsearch template setting ==========================
setup.template.settings:
index.number_of_shards: 3
#index.codec: best_compression
#_source.enabled: false
#================================ Outputs =====================================
#output.elasticsearch:
# hosts: ["192.168.XX.XX:9200"]
# username: "XXXXXX"
# password: "XXXXX"
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/logstash-forwarder.crt"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
非常感谢您提供的任何帮助,我已经测试了很多不同的东西,但是都没有解决。