Hi,
I have set up ELK 5.4 on CentOS and installed Filebeat on Ubuntu as shown below:
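# Import Elastic's package-signing key. The dashes must be plain ASCII '-':
# "-qO -" sends the download to stdout and "apt-key add -" reads the key from
# stdin; the typographic dashes in the original paste are treated as file names.
# A key added with apt-key is trusted for every configured repository, and
# apt-key is deprecated on newer apt releases.
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

# The next two commands were run from a root shell (the "#" prompt in the post).
# The repository line needs plain ASCII single quotes, otherwise the curly
# quote characters end up inside beats.list and apt cannot parse the entry.
# NOTE(review): this apt path looks like the one used for the older Beats 1.x
# packages - confirm the installed Filebeat version matches the 5.x-style
# configuration shown in this post.
echo 'deb https://packages.elastic.co/beats/apt stable main' > /etc/apt/sources.list.d/beats.list
apt-get update && apt-get install filebeat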
After installation, I edited filebeat.yml as below:
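#=========================== Filebeat prospectors =============================
# NOTE: the indentation below is restored; the pasted copy had every line at
# column 0, which is not valid YAML for nested keys such as paths and hosts.
filebeat.prospectors:

# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.
- input_type: log

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/web.log

#-------------------------- Elasticsearch output ------------------------------
# Disabled: events go to Logstash instead. The username/password shown here are
# the stock sample values and should never be enabled unchanged.
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["ELK-Server_IP:5044"]

  # With the certificate section below commented out, events are sent to
  # Logstash on port 5044 without encryption or server authentication.
  # NOTE(review): Beats 5.x names this section "ssl" ("tls" is the 1.x name) -
  # confirm against the installed Filebeat version before enabling it.
  # tls:
    # certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]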
I then restarted Filebeat using `service filebeat restart`.
Next, I went to the ELK server and ran:
# Search every index matching filebeat-* on the local Elasticsearch node and
# pretty-print the JSON reply. A reply with "_shards.total" 0 and "hits.total" 0
# means no index matched the pattern, i.e. no Filebeat events have been indexed.
curl --request GET 'http://localhost:9200/filebeat-*/_search?pretty'
I got the error below:
[root@elk-centos centos]# curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty'
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 0,
"successful" : 0,
"failed" : 0
},
"hits" : {
"total" : 0,
"max_score" : 0.0,
"hits" : [ ]
}
}