ES 5.0 new installation question

Diggy · November 8, 2016, 8:40pm

After getting less-than-desired results trying to upgrade my ELK stack to version 5.0, I thought I'd start fresh, and create a brand new ELK 5.0 node. I have reused some config files (e.g. elasticsearch.yml, kibana.yml, logstash config files) from my older setup. So far, so good. ES, Logstash, and Kibana start OK, and I can access the Kibana Web UI. However, I can't configure an index pattern. For example, the pattern logstash-* returns the dreaded "Unable to fetch mapping. ... ". When I look in /var/lib/elasticsearch/nodes/0/indices, I see idices with names like Lk8wl5UtRASVyldRHspZQg, instead of e.g. logstash-2016.11.08. When I go to http://localhost:9200/_cat/indices, I see the following:

yellow open .monitoring-data-2 s147bGxoQ5WgDgsP4XlECA 1 1 4 0 13.5kb 13.5kb
yellow open .monitoring-es-2-2016.11.08 PcZAvTv8TjmTJgZ6e-rm0Q 1 1 2900 40 2.4mb 2.4mb
yellow open .monitoring-kibana-2-2016.11.08 m1MyHbtXRCiNPdeDr97aZA 1 1 550 0 335kb 335kb
yellow open .kibana Lk8wl5UtRASVyldRHspZQg 1 1 1 0 3.2kb 3.2kb

What happened to my logstash, filebeat, winlogbeat, and topbeat indices?

Thanks

warkolm · November 8, 2016, 8:53pm

Did you push data from beats etc into ES? That might sound obvious, but it doesn't look like you have.

Diggy · November 8, 2016, 9:33pm

warkolm, I take it you mean from all of the hosts that are forwarding logs? I would think so. I'm using logstash as output. Here's my output configuration (30-elasticsearch-output.conf):

output {
if [@metadata][beat] {
elasticsearch {
hosts => ["http://10.0.101.101:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
} else {
elasticsearch { hosts => ["10.0.101.101:9200"] }
stdout { codec => rubydebug }
}
}

warkolm · November 8, 2016, 10:07pm

And do you know that data is reaching the output? Do things show if you use a stdout?

Diggy · November 9, 2016, 3:39pm

Actually, I don't know. If I've followed installation instructions to-the-letter, but used various config files from the old installation, maybe that's where the problem lies. I've posted the various configs on Pastebin (http://pastebin.com/dcEbc32k). I would most appreciate it if someone could take a look. That way, either a misconfig will be uncovered, or it'll rule out that that's where the problem lies.

With thanks.

warkolm · November 9, 2016, 3:51pm

You should add a stdout to check

Diggy · November 9, 2016, 4:19pm

OK. But, er (shuffling feet, looking sheepish), how do I do that?

warkolm · November 9, 2016, 10:24pm

It's totally ok to ask that

output {
  stdout {
    codec => rubydebug
  }
}

Diggy · November 9, 2016, 10:27pm

Thanks so much. I'm taking it I add this to my logstash output config? And I should access, or see, output where?

warkolm · November 9, 2016, 11:00pm

Yeah add it to your config, it'll show the output of your pipeline to the console, aka stdout.

Diggy · November 10, 2016, 3:22pm

OK. Once added, and services restarted, am I supposed to see output flowing to stdout (I don't, as of now), or must I do something else?

system · December 8, 2016, 3:23pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.