stackoom
  简体   繁体   中英

Filebeat not pushing logs to Elasticsearch

 原文  2018-03-15 13:30:40       docker/ elasticsearch/ configuration/ elastic-stack/ filebeat

Question

I am new to docker and all this logging stuff so maybe I'm making a stuipd mistake so thanks for helping in advance. I have ELK running aa docker container (6.2.2) via Dockerfile line: 

FROM sebp/elk:latest

In a separate container I am installing and running Filebeat via the folling Dockerfile lines: 

RUN curl -L -O -k https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.2-amd64.deb
RUN dpkg -i filebeat-6.2.2-amd64.deb
COPY resources/filebeat/filebeat.yml /etc/filebeat/filebeat.yml
RUN chmod go-w /etc/filebeat/filebeat.yml
RUN /usr/share/filebeat/bin/filebeat -e -d "publish" &

My Filebeat configuration is: 

filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /jetty/jetty-distribution-9.3.8.v20160314/logs/*.log
output.logstash:
  enabled: false
  hosts: ["elk-stack:9002"]
  #index: 'audit'
output.elasticsearch:
  enabled: true
  hosts: ["elk-stack:9200"]
  #index: "audit-%{+yyyy.MM.dd}"
path.config: "/etc/filebeat"
#setup.template.name: "audit"
#setup.template.pattern: "audit-*"
#setup.template.fields: "${path.config}/fields.yml"

As you can see I was trying to do a custom index into elasticsearch, but now I'm just trying to get the default working first. The jetty logs all have global read permissions.

The docker container logs show no errors and after running I make sure the config and output are OK: 

# filebeat test config
Config OK
# filebeat test output
elasticsearch: http://elk-stack:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 172.17.0.3
    dial up... OK
  TLS... WARN secure connection disabled
  talk to server... OK
  version: 6.2.2

/var/log/filebeat/filebeat shows: 

2018-03-15T13:23:38.859Z        INFO    instance/beat.go:468    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2018-03-15T13:23:38.860Z        INFO    instance/beat.go:475    Beat UUID: ed5cecaf-cbf5-438d-bbb9-30bab80c4cb9
2018-03-15T13:23:38.860Z        INFO    elasticsearch/client.go:145     Elasticsearch url: http://elk-stack:9200
2018-03-15T13:23:38.891Z        INFO    elasticsearch/client.go:690     Connected to Elasticsearch version 6.2.2

However when i hit localhost:9200/_cat/indices?v it doesn't return any indices: 

health status index uuid pri rep docs.count docs.deleted store.size pri.store.size

How do I get this working? I am out of ideas. Thanks again for any help.

1 answers

solution1
 0 ACCPTED  2018-03-21 13:17:21

To answer my own question you can't start filebeat with: 

RUN /usr/share/filebeat/bin/filebeat -e -d "publish" &

and have it keep running once the container starts. Need to manually start it or have it start in its own container with an ENTRYPOINT tag.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Docker Filebeat Nginx Logs Filebeat is not forwarding logs Consuming pod logs on Openshift with Filebeat Filebeat does not send logs to logstash Filebeat is not sending logs to logstash on kubernetes How to crawl nginx container logs via filebeat? Filebeat container does not send logs to Elastic Filebeat Is not Sending Logs to Logstash even Harvesting Successfull Docker filebeat autodiscover not detecting nginx logs Forwarding docker GELF logs to Logstash with Filebeat (or alternative?)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM