I am new to ELK and I can't add an index name or pattern for logstash. I could do it for some beats, but for logstash-* it says "Unable to fetch mapping".
I must not have indicies matching the pattern, but how do I do it? I have a pipeline sending data to ES and all the services are properly running.
Many thanks.
Hi arque,
what indices do you have in your cluster?
Look at the list of indices in elasticsearch:
e.g., run from command line:
$ curl 'http://alhost:9200/_cat/indices'
For the logstash-*catch clause to work, it should show some indices that match that pattern.
Hi Thomas,
Indeed, all I have in this list is for the beats and kibana:
yellow open winlogbeat-2013.11.29 5 1 3407 0 1.6mb 1.6mb
yellow open topbeat-2016.09.23 5 1 291618 0 131.4mb 131.4mb
yellow open winlogbeat-2016.09.19 5 1 267 0 248.4kb 248.4kb
yellow open winlogbeat-2016.08.29 5 1 702 0 581.5kb 581.5kb
yellow open winlogbeat-2016.09.17 5 1 19 0 42.9kb 42.9kb
yellow open winlogbeat-2016.09.16 5 1 77 0 121.4kb 121.4kb
yellow open winlogbeat-2016.09.15 5 1 15 0 40.1kb 40.1kb
yellow open winlogbeat-2016.09.14 5 1 2492 0 1.2mb 1.2mb
yellow open winlogbeat-2016.09.13 5 1 535 0 325.1kb 325.1kb
yellow open .kibana 1 1 92 12 99.4kb 99.4kb
yellow open winlogbeat-2016.09.12 5 1 265 0 258.2kb 258.2kb
yellow open winlogbeat-2016.09.30 5 1 385 0 346.1kb 346.1kb
yellow open winlogbeat-2014.01.16 5 1 529 0 412.6kb 412.6kb
yellow open winlogbeat-2014.01.15 5 1 958 0 804.6kb 804.6kb
yellow open filebeat-2016.09.29 5 1 47 0 42.3mb 42.3mb
yellow open topbeat-2016.09.30 5 1 588749 0 248.6mb 248.6mb
yellow open winlogbeat-2013.12.02 5 1 268 0 378.9kb 378.9kb
yellow open winlogbeat-2016.09.08 5 1 339 0 275.3kb 275.3kb
yellow open winlogbeat-2016.09.29 5 1 1285 0 596kb 596kb
yellow open winlogbeat-2016.09.06 5 1 228 0 242.5kb 242.5kb
yellow open winlogbeat-2016.09.28 5 1 734 0 385.4kb 385.4kb
yellow open winlogbeat-2016.09.05 5 1 264 0 246.2kb 246.2kb
yellow open winlogbeat-2016.09.27 5 1 1532 0 839.4kb 839.4kb
yellow open winlogbeat-2016.09.26 5 1 1939 0 777.4kb 777.4kb
yellow open winlogbeat-2016.09.25 5 1 1976 0 859.9kb 859.9kb
yellow open winlogbeat-2016.09.24 5 1 1526 0 664.2kb 664.2kb
yellow open winlogbeat-2016.09.23 5 1 2227 0 1.1mb 1.1mb
yellow open winlogbeat-2016.09.01 5 1 318 0 258.1kb 258.1kb
yellow open winlogbeat-2016.09.22 5 1 802 0 734.5kb 734.5kb
yellow open winlogbeat-2016.09.21 5 1 128 0 206.6kb 206.6kb
yellow open winlogbeat-2016.09.20 5 1 336 0 353.5kb 353.5kb
yellow open winlogbeat-2014.01.08 5 1 379 0 387.8kb 387.8kb
yellow open winlogbeat-2014.06.10 5 1 1629 0 1.3mb 1.3mb
yellow open topbeat-2016.09.28 5 1 1171354 0 480.7mb 480.7mb
yellow open topbeat-2016.09.29 5 1 1193888 0 512.3mb 512.3mb
yellow open topbeat-2016.09.26 5 1 357906 0 145.4mb 145.4mb
yellow open topbeat-2016.09.27 5 1 1235943 0 498.9mb 498.9mb
So how do I add an indice for logstash? It doesn't seem complicated, but I am a complete beginner who followed the tutorial and couldn't do it.
Thank you!
you can create an index pattern over your own data as well, if you just like to get your feet wet with Kibana. Use something like winlogbeat-*.
To get sample log data like logstash, you can find some here https://www.elastic.co/guide/en/kibana/current/getting-started.html. It's the third download, plus there are instructions to index them with ES.
You can also use this npm package https://www.npmjs.com/package/makelogs to generate synthetic log data.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.