Beats reporting on Kibana as Standalone Cluster

ELK-Stack: 7.8
Beats -> Logstash -> ES
in my cluster: I'm ingesting both data logs and monitoring stats to same cluster.

Installed and configured Filebeat 7.8 on a linux server with the below configuration.
Once started the agent, filebeat-agent is showing/reporting as a new cluster-joinee ("Standalone Cluster) on kibana as below screenshots.

This new installed beats is not being included under our current cluster's beats section rather it's trying to create a new standalone cluster

Please advise

# ============================== Filebeat inputs ===============================
- type: log
  enabled: false
    - /var/log/yum.log

# ============================== Filebeat modules ==============================
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

# ================================= General ===================================
tags: ["stag"]
  env: testing

# ================================= Dashboards =================================
setup.dashboards.enabled: true

# =================================== Kibana ===================================

  host: "<Kibana-Host:443>"
  username: "elastic"
  password: "${ES_PWD}"
  ssl.enabled: true
  ssl.verification_mode: full
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]

# ================================== Outputs ===================================

# ------------------------------ Logstash Output -------------------------------
  hosts: ["<logstash-host>:5044"]
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
  loadbalance: false
  ssl.verification_mode: full

# ================================== Logging ===================================
name: filebeat
logging.level: info
logging.to_files: true
  path: /etc/filebeat/logs
rotateeverybytes: 26214400
keepfiles: 7
logging.json: true
logging.ecs: true
# ================================== Keystore ==================================
keystore.path: "${path.config}/filebeat.keystore"

# ============================= X-Pack Monitoring ==============================
monitoring.enabled: true

  hosts: ["<elasticsearch-host>:9200"]
  username: "beats_system"
  password: "${BT_PWD}"
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]
  ssl.verification_mode: full

Resolved my issue by explicitly passing the cluster.uuid in the beats.yml

step-1: Get to know the cluster.uuid using GET /_cluster/stats
step-2: In your *beat.yml file add the line monitoring.cluster_uuid: "<cluster_uuid_value>"
step-3: Restart your beats and now your beats will be reporting to same data-cluster

By default, the most recent version of beats(elasticsearch) assumes that we've two clusters one for data/logs and other for monitoring. So need to explicitly specify as to where beats needs to ingest monitoring stats-metrics

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.