I have been running Elasticsearch with Kibana 5.5 version. I configured filebeat and metricbeat on a different machine. I received the logs just fine and was able to apply filters and view the logs.
I then wanted to send emails based on some log alert. So I installed X-pack on Elasticsearch and Kibana with appropriate version. After this, the credentials are updated in the beats (to allow the traffic) and now I don't see the logs on the Kibana Discover board.
I checked in Dev tools GET /_cat/indices/ and found
yellow open .monitoring-es-6-2017.07.20 cQQ14tVvT0iSZGRbRKbV4A 1 1 3529 84 2.5mb 2.5mb
This I assume shows that the index is used for monitoring today's data.
Also before installing X-pack, I deleted the old data from filebeat and metricbeat using cURL command just to see things fresh.
I see the tcpdump on both devices which confirms the data being sent and received (from beats to ES port) but the logs don't show up.
I also tried deleting the indexes and importing the dashboard scripts from beats. With this the @timestamp is set to Date and default date format. This is the same as earlier (before installing X-pack) and the logs were seen on the Kibana dashboard.
What could be the reason? I am going clueless in linking the logs which are received on port but no seen on dashboard.