search

live-wire / terminalbeat

Elastic beat for executing shell commands and sending stdout logs to Elasticsearch or Logstash :computer: :crystal_ball:
Other
8 stars 1 forks source link

Couldn't get it to work... #1

Open kirillka57 opened 4 years ago

kirillka57 commented 4 years ago

Hi,

I tried to run this beat but I do not see my command's results in the debug log. I see this:

2019-11-26T17:22:10.688-0500    DEBUG   [publish]       pipeline/consumer.go:137        start pipeline event consumer
2019-11-26T17:22:10.688-0500    INFO    [publisher]     pipeline/module.go:119  Beat name: terminalbeat
2019-11-26T17:22:10.688-0500    INFO    [monitoring]    log/log.go:117  Starting metrics logging every 30s
2019-11-26T17:22:10.688-0500    INFO    instance/beat.go:404    terminalbeat start running.
2019-11-26T17:22:10.688-0500    INFO    beater/terminalbeat.go:44       terminalbeat is running! Hit CTRL-C to stop it.
Enter 0 to exit:
Running command [ /usr/bin/bash /tmp/run_query.sh ]
2019-11-26T17:22:40.693-0500    INFO    [monitoring]    log/log.go:144  Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":8960,"time":{"ms":8966}},"total":{"ticks":148390,"time":{"ms":148407},"value":148390},"user":{"ticks":139430,"time":{"ms":139441}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":6},"info":{"ephemeral_id":"8890b200-5dff-40d6-b67c-ff832d562230","uptime":{"ms":30012}},"memstats":{"gc_next":4884560,"memory_alloc":4316488,"memory_total":68675091360,"rss":23314432}},"libbeat":{"config":{"module":{"running":0}},"output":{"type":"elasticsearch"},"pipeline":{"clients":1,"events":{"active":0}}},"system":{"cpu":{"cores":32},"load":{"1":1.67,"15":0.66,"5":0.84,"norm":{"1":0.0522,"15":0.0206,"5":0.0263}}}}}}
2019-11-26T17:23:10.692-0500    INFO    [monitoring]    log/log.go:144  Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":17910,"time":{"ms":8948}},"total":{"ticks":297060,"time":{"ms":148663},"value":297060},"user":{"ticks":279150,"time":{"ms":139715}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":6},"info":{"ephemeral_id":"8890b200-5dff-40d6-b67c-ff832d562230","uptime":{"ms":60012}},"memstats":{"gc_next":5407472,"memory_alloc":5456152,"memory_total":137169480312,"rss":901120}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":1,"events":{"active":0}}},"system":{"load":{"1":3.18,"15":0.81,"5":1.26,"norm":{"1":0.0994,"15":0.0253,"5":0.0394}}}}}}
2019-11-26T17:23:40.691-0500    INFO    [monitoring]    log/log.go:144  Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":26660,"time":{"ms":8751}},"total":{"ticks":446550,"time":{"ms":149495},"value":446550},"user":{"ticks":419890,"time":{"ms":140744}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":6},"info":{"ephemeral_id":"8890b200-5dff-40d6-b67c-ff832d562230","uptime":{"ms":90012}},"memstats":{"gc_next":4795792,"memory_alloc":3507800,"memory_total":205732343808,"rss":28672}},"libbeat":{"config":{"module":{"running":0}},"pipeline":{"clients":1,"events":{"active":0}}},"system":{"load":{"1":4.98,"15":1.04,"5":1.92,"norm":{"1":0.1556,"15":0.0325,"5":0.06}}}}}}

It just prints local box stats every 30 sec rather than the results of my shell script. Not do I see them in elasticsearch.

Please help!

Thanks in advance.

live-wire commented 4 years ago

Are you sure you're emitting something to stdout? Can you share a skeleton of your script run_query.sh?

Also, the beat expects newline separations in stdout. Do you have them?

kirillka57 commented 4 years ago

Hello Dhruv,

Thanks for replying. I will check soon if there is my commands produce stdout or stderr and get back to you. I do have new lines in output, that's for sure.

Thanks, Kirill

On Wed, Nov 27, 2019, 17:31 Dhruv Batheja notifications@github.com wrote:

Are you sure you're emitting something to stdout? Can you share a skeleton of your script run_query.sh?

Also, the beat expects newline separations in stdout. Do you have them?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/live-wire/terminalbeat/issues/1?email_source=notifications&email_token=AB4P42CLL7AAEWCQ5KD3WPDQV3YLXA5CNFSM4JR6WCQKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEFK5GUI#issuecomment-559272785, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB4P42ETAQRI6RKOAV2IP4DQV3YLXANCNFSM4JR6WCQA .

kirillka57 commented 4 years ago

Hi Dhruv,

Yes, my command does produce stdout.

Thanks, Kirill

On Wed, Nov 27, 2019, 17:34 Kirill Karpelson kirillka@gmail.com wrote:

Hello Dhruv,

Thanks for replying. I will check soon if there is my commands produce stdout or stderr and get back to you. I do have new lines in output, that's for sure.

Thanks, Kirill

On Wed, Nov 27, 2019, 17:31 Dhruv Batheja notifications@github.com wrote:

Are you sure you're emitting something to stdout? Can you share a skeleton of your script run_query.sh?

Also, the beat expects newline separations in stdout. Do you have them?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/live-wire/terminalbeat/issues/1?email_source=notifications&email_token=AB4P42CLL7AAEWCQ5KD3WPDQV3YLXA5CNFSM4JR6WCQKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEFK5GUI#issuecomment-559272785, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB4P42ETAQRI6RKOAV2IP4DQV3YLXANCNFSM4JR6WCQA .