Filebeat on Ubuntu

Pandiyan_M · June 23, 2017, 12:33pm

Hi,

I have done ELK 5.4 on Centos and set up filebeats on ubuntu as below

wget -qO – https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add –
# echo ‘deb https://packages.elastic.co/beats/apt stable main’  > /etc/apt/sources.list.d/beats.list 
# apt-get update && apt-get install filebeat

After Installation, In filebeat.yml done as below

#=========================== Filebeat prospectors =============================

filebeat.prospectors:

# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.

- input_type: log

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/web.log

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["ELK-Server_IP:5044"]
 # tls:
#       certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

restarted using service filebeat restart

Now went to ELK server and ran

curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty'

Got error as below

[root@elk-centos centos]# curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty'
{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 0,
    "successful" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 0,
    "max_score" : 0.0,
    "hits" : [ ]
  }
}

steffens · June 23, 2017, 1:04pm

Check Filebeat and Logstash logs? Any errors in Filebeat publishing logs to Logstash, or in Logstash? Have you configure Logstash to push event into filebeat index?

Pandiyan_M · June 23, 2017, 1:59pm

Have you configure Logstash to push event into filebeat index?

Let me know steps to push event into filebeat and let me know why

curl -XGET 'http://localhost:9200/filebeat-*/_search?pretty' is giving error ?

No logs in Filebeat

runtman · June 23, 2017, 3:34pm

What? Surely you have installed filebeat to push logs to Logstash, and that is it's purpose. I find this question a bit odd.

You are looking at a index directly and it has no information in it, so therefore you need to look at how the logs are getting there.

Tail the /var/log/filebeat on the node and /var/log/logstash/logstash-plain.log on the log stash node for more information.

system · July 21, 2017, 3:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.