Filebeat Installation 0 hits? Troubleshoot

Leonard_Larios_Chan · May 11, 2016, 2:57pm

Hi!

I'm new to using the ELK stack and after configuring, installing the ELK stack and finally coming to filebeat, I can't seem to get a hit after running

curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty'

and getting

{
"_index" : "filebeat-2016.01.29",
"_type" : "log",
"_id" : "AVKO98yuaHvsHQLa53HE",
"_score" : 1.0,
"_source":{"message":"Feb 3 14:34:00 rails sshd[963]: Server listening on :: port 22.","@version":"1","@timestamp":"2016-01-29T19:59:09.145Z","beat":{"hostname":"topbeat-u-03","name":"topbeat-u-03"},"count":1,"fields":null,"input_type":"log","offset":70,"source":"/var/log/auth.log","type":"log","host":"topbeat-u-03"}
}

like I'm supposed to. I am getting

{
"took" : 1
"timed_out" : false,
"_shards" : {
"total" : 0,
"successful" : 0,
"failed" : 0
},
"hits" : {
"total" : 0
"max_score" : 0.0,
"hits" : [ ]
}
}

This is my first time trying this ELK stack as part of my own learning and would appreciate if someone could help me!

steffens · May 11, 2016, 10:20pm

you using filebeat->logstash->elastisearch or filebeat->elasticsearch? How does your config look like? Any error messages from filebeat/logstash? Have you tried running filebeat directly on console in debug mode (add -d '*' -v -e)?

Leonard_Larios_Chan · May 12, 2016, 1:19am

Hi! Thanks for responding!

I believe I am using filebeat > logstash > Elasticsearch as I'm required to setup an ELK. (please correct me if I'm wrong in doing that. I'm currently also following a guide on digitialocean and did follow it. my config is as per the website, There were no error messages from the filebeat/logstash.

I will try to run filbeat directly in debug mode.

steffens · May 12, 2016, 11:58am

which guide. There is another official getting-started guide