Filebeat on Ubuntu

Pandiyan_M · June 23, 2017, 12:33pm

Hi,

I have done ELK 5.4 on Centos and set up filebeats on ubuntu as below

wget -qO – https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add –
# echo ‘deb https://packages.elastic.co/beats/apt stable main’  > /etc/apt/sources.list.d/beats.list 
# apt-get update && apt-get install filebeat

After Installation, In filebeat.yml done as below

#=========================== Filebeat prospectors =============================

filebeat.prospectors:

# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.

- input_type: log

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/web.log

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["ELK-Server_IP:5044"]
 # tls:
#       certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

restarted using service filebeat restart

Now went to ELK server and ran

curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty'

Got error as below

[root@elk-centos centos]# curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty'
{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 0,
    "successful" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 0,
    "max_score" : 0.0,
    "hits" : [ ]
  }
}

steffens · June 23, 2017, 1:04pm

Check Filebeat and Logstash logs? Any errors in Filebeat publishing logs to Logstash, or in Logstash? Have you configure Logstash to push event into filebeat index?

Pandiyan_M · June 23, 2017, 1:59pm

Have you configure Logstash to push event into filebeat index?

Let me know steps to push event into filebeat and let me know why

curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty' is giving error ?

No logs in Filebeat

runtman · June 23, 2017, 3:34pm

What? Surely you have installed filebeat to push logs to Logstash, and that is it's purpose. I find this question a bit odd.

You are looking at a index directly and it has no information in it, so therefore you need to look at how the logs are getting there.

Tail the /var/log/filebeat on the node and /var/log/logstash/logstash-plain.log on the log stash node for more information.

system · July 21, 2017, 3:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat is not running after ELK setup in ubuntu machine Beats filebeat	9	1269	December 21, 2017
New filebeat/ELK stack user: trouble with Raspberry Beats filebeat	18	2070	January 31, 2017
Filebeat Configuration for Apache Logs Beats	3	12141	April 25, 2017
Filebeat configuration assistance Beats filebeat	3	741	June 26, 2018
Filebeat and incompatible CentOS Beats	3	1353	July 5, 2017

Filebeat on Ubuntu

Related Topics