counteractive / o365beat

Elastic Beat for fetching and shipping Office 365 audit events

Killing the beat process from the command line is unreliable #29

Closed chris-counteractive closed 4 years ago

chris-counteractive commented 4 years ago

When running the beat from the command line, ctrl-c does not reliably or quickly kill the process. The code for the beat’s main loop is all part of the libbeat framework, but it’s possible we’re doing something in our custom code that contributes to this problem. We've not seen this negatively impact the overall functioning of the beat, but it should be addressed if possible.

To work around this issue we recommend using the service commands, or killing the process using the PID from another terminal.

chris-counteractive commented 4 years ago

Another seemingly reliable workaround when testing is to pipe to less and kill from there:

./o365beat --path.config . -c o365beat.dev.yml -e -d "*" 2>&1 > /dev/null | less

Quitting less with q kills the whole tree, no fuss, no muss.

chris-counteractive commented 4 years ago

Recent tests have closed the beat cleanly, and I don't see anything we're doing that would unduly block, especially once the first 7-day download is complete. Workarounds seem sufficient unless we see additional reports of this issue; closing.