Filebeat installation not creating index in ElasticSearch


#1

I have just installed Windows ElasticSearch x64, Kibana (x86) 5.5.2 and FileBeats (x86) on my Windows 10. I should see an index created for both Kibana and FileBeats but do not see one for FileBeats. The ElasticSearch cat shows as follows. Some from Kibana,
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open .kibana E8cuRzLqTw-7yoLr7s1iGw 1 1 1 0 3.2kb 3.2kb

The Filebeats log indicates that ES is set as the output.
The filebeat.prospector is as follows
    filebeat.prospectors:

    # Each - is a prospector. Most options can be set at the prospector level, so
    # you can use different prospectors for various configurations.
    # Below are the prospector specific configurations.

    - input_type: log

      # Paths that should be crawled and fetched. Glob based paths.
      paths:
        #- /var/log/*.log
        - C:\ProgramData\Elastic\Elasticsearch\logs*.logs

And the filebeat log is
2017-08-30T02:58:16+10:00 INFO Metrics logging every 30s
2017-08-30T02:58:16+10:00 INFO Loading template enabled for Elasticsearch 2.x. Reading template file: C:\Program Files (x86)\elk\filebeat\filebeat.template-es2x.json
2017-08-30T02:58:16+10:00 INFO Loading template enabled for Elasticsearch 6.x. Reading template file: C:\Program Files (x86)\elk\filebeat\filebeat.template-es6x.json
2017-08-30T02:58:16+10:00 INFO Elasticsearch url: http://localhost:9200
2017-08-30T02:58:16+10:00 INFO Activated elasticsearch as output plugin.
2017-08-30T02:58:16+10:00 INFO Publisher name: Hammertime
2017-08-30T02:58:16+10:00 INFO Flush Interval set to: 1s
2017-08-30T02:58:16+10:00 INFO Max Bulk Size set to: 50
2017-08-30T02:58:16+10:00 INFO filebeat start running.
2017-08-30T02:58:16+10:00 INFO Registry file set to: C:\ProgramData\filebeat\registry
2017-08-30T02:58:16+10:00 INFO Loading registrar data from C:\ProgramData\filebeat\registry
2017-08-30T02:58:16+10:00 INFO States Loaded from registrar: 0
2017-08-30T02:58:16+10:00 INFO Loading Prospectors: 1
2017-08-30T02:58:16+10:00 INFO Starting Registrar
2017-08-30T02:58:16+10:00 INFO Start sending events to output
2017-08-30T02:58:16+10:00 INFO Starting spooler: spool_size: 2048; idle_timeout: 5s
2017-08-30T02:58:16+10:00 INFO Prospector with previous states loaded: 0
2017-08-30T02:58:16+10:00 INFO Starting prospector of type: log; id: 2849417448995922770
2017-08-30T02:58:16+10:00 INFO Loading and starting Prospectors completed. Enabled prospectors: 1
2017-08-30T02:58:46+10:00 INFO No non-zero metrics in the last 30s
2017-08-30T02:59:16+10:00 INFO No non-zero metrics in the last 30s
2017-08-30T02:59:46+10:00 INFO No non-zero metrics in the last 30s
2017-08-30T03:00:16+10:00 INFO No non-zero metrics in the last 30s
2017-08-30T03:00:46+10:00 INFO No non-zero metrics in the last 30s
2017-08-30T03:01:16+10:00 INFO No non-zero metrics in the last 30s
2017-08-30T03:01:46+10:00 INFO No non-zero metrics in the last 30s
2017-08-30T03:02:16+10:00 INFO No non-zero metrics in the last 30s
2017-08-30T03:02:46+10:00 INFO No non-zero metrics in the last 30s
2017-08-30T03:03:16+10:00 INFO No non-zero metrics in the last 30s
2017-08-30T03:03:46+10:00 INFO No non-zero metrics in the last 30s
2017-08-30T03:04:16+10:00 INFO No non-zero metrics in the last 30s
2017-08-30T03:04:46+10:00 INFO No non-zero metrics in the last 30s

Thanks for any guidance


#2

I have resolved this issue as a typo in the filebeat.yml prospector. There was an 's' when there should not have been:

C:\ProgramData\Elastic\Elasticsearch\logs*.logs
Should not end in 's'.

This ticket can be closed.
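A prospector glob that matches no files fails silently: Filebeat starts cleanly and only logs "No non-zero metrics", so a log source can go uncollected unnoticed. The following is an added example, not part of the original posts or of Filebeat itself, that lists the active `paths:` entries of a filebeat.yml and reports the globs matching nothing; the function names and the simplified line parser are assumptions made for illustration.

```python
import glob
import re

IDLE_MARKER = "No non-zero metrics in the last 30s"  # symptom line in the log above

# Constructed sample: the prospector section as posted in the thread.
SAMPLE_CONFIG = r"""
filebeat.prospectors:
- input_type: log
  paths:
    #- /var/log/*.log
    - C:\ProgramData\Elastic\Elasticsearch\logs*.logs
"""

def prospector_paths(config_text):
    """Return the active (uncommented) entries of every `paths:` list.

    Simplified line parser for the filebeat.yml layout shown in the thread,
    not a general YAML parser.
    """
    paths, in_paths = [], False
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments never end a list
        if stripped == "paths:":
            in_paths = True
        elif (in_paths and stripped.startswith("- ")
              and not re.match(r"- \w+:(\s|$)", stripped)):  # "- key: value" opens a new prospector
            paths.append(stripped[2:].strip().strip("'\""))
        else:
            in_paths = False
    return paths

def dead_globs(config_text):
    """Globs that currently match no file, so the prospector harvests nothing."""
    return [p for p in prospector_paths(config_text) if not glob.glob(p)]

def idle_reports(log_text):
    """Number of 30s metric intervals in which Filebeat shipped nothing."""
    return sum(IDLE_MARKER in line for line in log_text.splitlines())

if __name__ == "__main__":
    for pattern in dead_globs(SAMPLE_CONFIG):
        print("glob matches no files:", pattern)
```

Run it on the host where Filebeat is installed, since the globs are resolved against the local filesystem.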

