Filebeat 0 hits? Require help to resolve

Leonard_Larios_Chan · May 11, 2016, 2:59pm

Hi!

I'm new to using the ELK stack and after configuring, installing the ELK stack and finally coming to filebeat, I can't seem to get a hit after running

curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty'

and getting

{
"_index" : "filebeat-2016.01.29",
"_type" : "log",
"_id" : "AVKO98yuaHvsHQLa53HE",
"_score" : 1.0,
"_source":{"message":"Feb 3 14:34:00 rails sshd[963]: Server listening on :: port 22.","@version":"1","@timestamp":"2016-01-29T19:59:09.145Z","beat":{"hostname":"topbeat-u-03","name":"topbeat-u-03"},"count":1,"fields":null,"input_type":"log","offset":70,"source":"/var/log/auth.log","type":"log","host":"topbeat-u-03"}
}

like I'm supposed to. I am getting

{
"took" : 1
"timed_out" : false,
"_shards" : {
"total" : 0,
"successful" : 0,
"failed" : 0
},
"hits" : {
"total" : 0
"max_score" : 0.0,
"hits" : [ ]
}
}

I can't seem to get it running and shown on the kibana discover page.

MarkOStewart · May 11, 2016, 8:35pm

it looks like filebeats is not sending files. It is creating the index but no documents are created.

I had luck when troubleshooting logstash and filebeats to send the output to stdout so you can immediately see what is being sent w/o running queries.

Are you using filebeats directly to Elasticsearch or to logstash and then elasticsearch?

warkolm · May 11, 2016, 10:45pm

Please don't create multiple threads for the one issue - Filebeat Installation 0 hits? Troubleshoot

Topic		Replies	Views
Filebeat Installation 0 hits? Troubleshoot Beats filebeat	4	2504	July 5, 2017
Problem with filebeat Beats filebeat	10	2280	August 2, 2017
Elasticsearch does not receive Filebeat data Beats filebeat	4	1406	April 3, 2020
Trouble getting topbeat data into elasticsearch via logstash Beats	7	2268	July 5, 2017
No data moving into elasticsearch Beats filebeat	22	6589	May 16, 2018

Filebeat 0 hits? Require help to resolve

Related topics