Filebeat is not able to index into Elasticsearch

There should be at least one admin user in X-Pack that has all access rights. That is the one I'm referring to. You should definitely not use this one in production, but it would be nice to quickly check with this user for testing.

Default admin user should be elastic.

Have you tried to index any data via curl?

Did you check /_cat/indices if the index exists?

Have you checked Elasticsearch logs for authentication failures or failures when creating the filebeat index?

Yes, I can see that indices exist and I don't see any failures in the Elasticsearch logs.

Just wanted to know how do these indices happen and where are the data or all the shards located?

Not sure I fully understand your question above? You mean how beats creates the indices?

Yes Ruflin, I need to know how Beats creates the indices.

Also, we need to know, if the logs path is changed in the Filebeat configuration, how long the data will be indexed and can be viewed in Kibana?

Indices are created based on the index config in the output: https://www.elastic.co/guide/en/beats/filebeat/current/elasticsearch-output.html#_index

I think I can't follow your second question(s)? How long you keep the data is up to you.

I strongly recommend that you follow the getting started guide, as it will show you all the steps and details: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html

It's resolved. Thank you ruflin :)
