Filebeat error while setting up dashboard


(Syed) #1

Dear Team,

we are facing an issue while setting up the dasboard on the beat server

below is the error

[elastic@wapinprjb102 filebeat-6.0.0-linux-x86_64]$ ./filebeat setup --dashboards
Exiting: Error importing Kibana dashboards: fail to create the Elasticsearch loader: Elasticsearch output is not configured/enabled

Filebeat.yml file :

###################### Filebeat Configuration Example #########################

This file is an example configuration file highlighting only the most common

options. The filebeat.reference.yml file from the same directory contains all the

supported options with more comments. You can use it as a reference.

You can find the full configuration reference here:

https://www.elastic.co/guide/en/beats/filebeat/index.html

For more available modules and options, please see the filebeat.reference.yml sample

configuration file.

#=========================== Filebeat prospectors =============================

filebeat.prospectors:

Each - is a prospector. Most options can be set at the prospector level, so

you can use different prospectors for various configurations.

Below are the prospector specific configurations.

  • type: log

    Change to true to enable this prospector configuration.

    enabled: true

    Paths that should be crawled and fetched. Glob based paths.

    paths:

- /var/log/*.log

 - /opt/wap/domains/jb004-prod1/liferay/logs/*.log
#- c:\programdata\elasticsearch\logs\*

Exclude lines. A list of regular expressions to match. It drops the lines that are

matching any regular expression from the list.

#exclude_lines: ['^DBG']

Include lines. A list of regular expressions to match. It exports the lines that are

matching any regular expression from the list.

#include_lines: ['^ERR', '^WARN']

Exclude files. A list of regular expressions to match. Filebeat drops the files that

are matching any regular expression from the list. By default, no files are dropped.

#exclude_files: ['.gz$']

Optional additional fields. These fields can be freely picked

to add additional information to the crawled log files for filtering

#fields:

level: debug

review: 1

Multiline options

Mutiline can be used for log messages spanning multiple lines. This is common

for Java Stack Traces or C-Line Continuation

The regexp Pattern that has to be matched. The example pattern matches all lines starting with [

#multiline.pattern: ^[

Defines if the pattern set under pattern should be negated or not. Default is false.

#multiline.negate: false

Match can be set to "after" or "before". It is used to define if lines should be append to a pattern

that was (not) matched before or after or as long as a pattern is not matched based on negate.

Note: After is the equivalent to previous and before is the equivalent to to next in Logstash

#multiline.match: after

#============================= Filebeat modules ===============================

filebeat.config.modules:

Glob pattern for configuration loading

path: ${path.config}/modules.d/*.yml

Set to true to enable config reloading

reload.enabled: false

Period on which files under path should be checked for changes

#reload.period: 10s

#============================== Dashboards =====================================

These settings control loading the sample dashboards to the Kibana index. Loading

the dashboards is disabled by default and can be enabled either by setting the

options here, or by using the -setup CLI flag or the setup command.

setup.dashboards.enabled: true
setup.dashboards.beat: filebeat
setup.dashboards.kibana_index: .kibana
setup.dashboards.directory: ${path.home}/kibana

The URL from where to download the dashboards archive. By default this URL

has a value which is computed based on the Beat name and version. For released

versions, this URL points to the dashboard archive on the artifacts.elastic.co

website.

#setup.dashboards.url:

#============================== Kibana =====================================

Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.

This requires a Kibana endpoint configuration.

setup.kibana:
#hosts: ["dcvelk01.warbabank.com:5601"]
setup.kibana.host: "dcvelk01.warbabank.com:5601"
setup.kibana.protocol: "http"
username: "elastic"
password: "elastic"

Kibana Host

Scheme and port can be left out and will be set to the default (http and 5601)

In case you specify and additional path, the scheme is required: http://localhost:5601/path

IPv6 addresses should always be defined as: https://[2001:db8::1]:5601

#host: "localhost:5601"

#================================ Outputs =====================================

Configure what output to use when sending the data collected by the beat.

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
#output.elasticsearch.hosts: ["dcvels01.warbabank.com:9200"]
#username: "elastic"
#password: "elastic"

Array of hosts to connect to.

#----------------------------- Logstash output --------------------------------
output.logstash:
output.logstash.hosts: ["dcvelg01.warbabank.com:5044"]
#index: filebeat

The Logstash hosts

Optional SSL. By default is off.

List of root certificates for HTTPS server verifications

#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

Certificate for SSL client authentication

#ssl.certificate: "/etc/pki/client/cert.pem"

Client Certificate Key

#ssl.key: "/etc/pki/client/cert.key"

Filebeat log :

[elastic@wapinprjb102 logs]$ tail -100f filebeat
2017-12-27T08:01:28+03:00 DBG Disable stderr logging
2017-12-27T08:01:28+03:00 INFO Home path: [/opt/wap/platform/filebeat/filebeat-6.0.0-linux-x86_64] Config path: [/opt/wap/platform/filebeat/filebeat-6.0.0-linux-x86_64] Data path: [/opt/wap/platform/filebeat/filebeat-6.0.0-linux-x86_64/data] Logs path: [/opt/wap/platform/filebeat/filebeat-6.0.0-linux-x86_64/logs]
2017-12-27T08:01:28+03:00 DBG Beat metadata path: /opt/wap/platform/filebeat/filebeat-6.0.0-linux-x86_64/data/meta.json
2017-12-27T08:01:28+03:00 INFO Beat UUID: 2b259a7b-4af5-484d-8562-49410dec35cf
2017-12-27T08:01:28+03:00 INFO Setup Beat: filebeat; Version: 6.0.0
2017-12-27T08:01:28+03:00 DBG Initializing output plugins
2017-12-27T08:01:28+03:00 DBG Processors:
2017-12-27T08:01:28+03:00 INFO Metrics logging every 30s
2017-12-27T08:01:28+03:00 DBG start pipeline event consumer
2017-12-27T08:01:28+03:00 INFO Beat name: wapinprjb102
2017-12-27T08:01:28+03:00 CRIT Exiting: Error importing Kibana dashboards: fail to create the Elasticsearch loader: Elasticsearch output is not configured/enabled

Kindly suggest me on this and guide me to fix this issue.


(Scott Stephenson) #2

To the best of my knowledge, dashboards are only able to be imported via the Elasticsearch api, so if you're using Logstash as output, which looks to be the case, that's why it's failing.

What I've done in the past - and this is by no means the best way to go about it - is to install/configure filebeat on the same server were Elasticsearch is installed/running on. Do the template setup and dashboard configuration there via the Elasticsearch output option (since it's on the same server, "localhost:9200" should work). It'll put the template and dashboards in that way. Then stop the filebeat service since you don't need it on that same server anymore (or keep it running for the localhost logs, up to you).

Once the template and dashboards are in, you can output to logstash no problem. Elasticsearch will then use the logstash data to populate the dashboards and such.

Like I said though, this isn't the best way to do it, but it's what I did to get things loaded.


(Syed) #3

Dear Scott,

Much appreciated for your response, but we are looking to push the clinets logs data to the logstash and from there to elasticsearch and then finally to kibana dashboard.

we installed the filebeat on the client server where we are trying to fetch the logs.

without setting up the dashboard can we load the data to logstash?

Thanks in advance.


(Scott Stephenson) #4

Syed,
Yes, you can load the data into Elasticsearch via Logstash for later retrieval through Kibana without setting up the dashboards.

The dashboards that are normally installed are pretty basic, but they give you a good idea of what's possible with the collected log data. You're also able to edit them, which is useful in discovering how they function and present the data, which is a good starting point for building your own based on your needs.

They're useful, but not required.


(Syed) #5

Dear Scott,

Thank you for sharing the info on dashboards.

So, now i'm trying to run filebeat directly, instead of setting up the dashboard but unfortunately i'm not able to run as i'm getting below error while executing the command from the client.

[elastic@wapinprjb102 filebeat-6.0.0-linux-x86_64]$ ./filebeat -c filebeat.yml -E name=filebeat
Exiting: Error importing Kibana dashboards: fail to create the Elasticsearch loader: Elasticsearch output is not configured/enabled

executing the command as elastic user.

kindly suggest me on this.


(Scott Stephenson) #6

Hey Syed,
Looks like filebeat wants to try to load the Kibana dashboards. Open your filebeat.yml config file and look for the ==== Kibana ==== section. Comment out with a # whatever is active in that section. In my case it was setup.kibana and host:

Save and close out the file.

I would then start the filebeat service with

sudo service filebeat start

This will cause it to run in the background to collect the logs and ship them out to wherever it is you configured them to go (I'm assuming) in the ==== Logstash output ==== section. Running filebeat directly via the command line such as you've listed in the previous post is useful if you've got a custom location for the configuration file, but if it's in the default location for your system, just run it as a service.

Using the -E option is also useful for overwriting a particular configuration aspect and if you want to overwrite the name variable, make sure you enclose it in " marks. But that's also something you can set in the filebeat.yml so unless you want to specify a different name other than what's in the filebeat.yml file, you can probably leave that portion off. If you run filebeat as a service, though, you wouldn't need this portion. At least not that I know of, anyway.


(Syed) #7

Dear Scott,

As said, we commented out the complete kibana section with # and we ran the filebeat and we got the below error.

handle error: read tcp 172.16.41.143:46094->172.16.42.163:5044: i/o timeout
2018-01-03T12:31:26+03:00 ERR Failed to publish events caused by: read tcp 172.16.41.143:46094->172.16.42.163:5044: i/o timeout
2018-01-03T12:31:26+03:00 DBG closing
2018-01-03T12:31:26+03:00 ERR Failed to publish events caused by: read tcp 172.16.41.143:46094->172.16.42.163:5044: i/o timeout
2018-01-03T12:31:26+03:00 DBG 2048 events out of 2048 events sent to logstash. Continue sending
2018-01-03T12:31:26+03:00 DBG close connection
2018-01-03T12:31:26+03:00 DBG close connection
2018-01-03T12:31:26+03:00 ERR Failed to publish events caused by: client is not connected
2018-01-03T12:31:27+03:00 ERR Failed to publish events: client is not connected
2018-01-03T12:31:27+03:00 DBG connect
2018-01-03T12:31:27+03:00 DBG 2048 events out of 2048 events sent to logstash. Continue sending
2018-01-03T12:31:27+03:00 DBG 2048 events out of 2048 events sent to logstash. Continue sending

kindly suggest me what we can do to resolve this issue.

Thanks in advance.


(system) #8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.