Trying to figure out, what’s wrong with my simple Sidecar setup, which fails with error:
Collector Status: At least one backend with errors
Filebeat: Unable to start collector after 3 tries, giving up!
Status data and Log filenames from source server are listed on Collector Status screen, server port in /generated/filebeat.yml file changes from 5555 to 5044, if modified via Graylog Collector ”Configure Beats Outputs” - so tags should be o.k.
But Filebeat prospectors of generated yml file are empty and logs on both sides doesn’t provide much additional data.
It seems Beats Inputs configuration isn’t reflected in /generated/filebeat.yml file and filebeats can’t start. What could be the reason?
/etc/graylog/collector-sidecar/generated/filebeat.yml
:
filebeat:
prospectors: []
output:
logstash:
hosts:
- 10.201.40.11:5555
path:
data: /var/cache/graylog/collector-sidecar/filebeat/data
logs: /var/log/graylog/collector-sidecar
tags:
- mysql-slow-query
/etc/graylog/collector-sidecar/collector_sidecar.yml
:
server_url: http://10.201.40.11:9000/api/
update_interval: 10
tls_skip_verify: true
send_status: true
list_log_files:
- /var/log/mysql
node_id: graylog-collector-sidecar
collector_id: file:/etc/graylog/collector-sidecar/collector-id
cache_path: /var/cache/graylog/collector-sidecar
log_path: /var/log/graylog/collector-sidecar
log_rotation_time: 86400
log_max_age: 604800
tags:
- mysql-slow-query
backends:
- name: filebeat
enabled: true
binary_path: /usr/bin/filebeat
configuration_path: /etc/graylog/collector-sidecar/generated/filebeat.yml
Picture of Inputs:
Log source server: Ubuntu 14.04. with Sidecar 0.1.4., run as root.
Graylog server v2.3.2, CentOS - iptables, firewall and selinux are disabled.