Empty indexes in Kibana

Elastic Stack Elasticsearch
1

I am trying to visualise system logs in kibana, for the process i am using 3's AWS Amazon Linux 2023 EC2 instance in the following way

Instance 01 - Filebeat
Instance 02 - Logstash
Instance 03 - Elasticsearch, Kibana

Filebeat -> Logstash -> Elasticsearch -> Kibana

The problem i am facing is that i have 7000+ empty indexes in kibana under the tag filebeat-*

Below are the steps and configuration which i followed

Please tell me if i have made any mistake because of which i am not getting any data

$ wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.9.1-x86_64.rpm 
$ sudo yum install filebeat-8.9.1-x86_64.rpm

$ sudo vim /etc/filebeat/filebeat.yml

#output.elasticsearch:
# Array of hosts to connect to.
#hosts: ["localhost:9200"]

output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]

$ sudo systemctl enable --now filebeat

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

$ wget https://artifacts.elastic.co/downloads/logstash/logstash-8.9.1-x86_64.rpm
$ sudo yum install logstash-8.9.1-x86_64.rpm

$ sudo vim /etc/logstash/conf.d/logstash.conf

input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}

$ sudo systemctl enable --now logstash

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.9.1-x86_64.rpm 
$ sudo yum install elasticsearch-8.9.1-x86_64.rpm

$ wget https://artifacts.elastic.co/downloads/kibana/kibana-8.9.1-x86_64.rpm
$ sudo yum install kibana-8.9.1-x86_64.rpm

$ sudo vim /etc/elasticsearch/elasticsearch.yml

network.host: 0.0.0.0
http.port: 9200

transport.host: localhost
transport.port: 9300

xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
	enabled: false
xpack.security.transport.ssl:
	enabled: false

$ sudo systemctl enable --now elasticsearch

$ sudo vim /etc/kibana/kibana.yml

server.port: 5601
server.host: "0.0.0.0" 
elasticsearch.hosts: ["http://localhost:9200"]

$ sudo systemctl enable --now kibana

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

>>> Back to Filebeat >>>

sudo filebeat modules enable system

sudo filebeat setup --index-management -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=[“localhost:9200"]'

sudo filebeat setup -e -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=[“localhost:9200"]' -E setup.kibana.host=localhost:5601

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.