Filebeats only sends logs when I have filebeat -e running

I'm new to configuring ELK stack. I had it setup without ssl and with ssl and back to without ssl. I did this because I was not able to get apache and mysql to send logs to the elk stack. I tried to send it to output.elasticsearch and could not figure out how to get the logs. I ran the setup and I saw it created the index and had no idea how to pull up the charts for either mysql or apache. I did the same with output.logstash. I noticed that when viewing in discover I see logs and if I'm not running the script filebeat -e I'm not getting any logs. I thought I only needed to setup the service and have it running. does this script need to be running in the background? I would love to be able to produce those nice dashboards shown in the examples.

Actually I run it and it does not log much data.

Maybe I have the configuration file wrong for logstash.

Hi @plegault,

are you sending from Filebeat to Logstash and then on to Elastic, or is Filebeat configured to send directly? (e.g. output.elasticsearch.hosts or & cloud.auth vs. output.logstash in the filebeat.yml?

Have you enabled the apache and mysql modules in Filebeat?

Heres a few links to the detailed config options:


Hi Dain,
I have an ELK server setup with https.
I setup filebeat, winlogbeat,heartbeat on the elk server.

  • This server I'm running
    -- filebeat with elasticsearch and logstash modules. all to elastic not logstash
    -- heartbeat to elastic not logstash
    -- winlogbeat to elastic not logstash
    On my WordPress server:
    -- Filebeat with apache module to elasticsearch not logstash.
    I set this server up following the instructions in kibana, I get to the end "Data successfully received from this module"

I go to apache log dashboard and get this error.
AH00112: Warning: DocumentRoot [D:/Bitnami/wampstack/apache2/docs/] does not exist

Under discover I see logs from the server, however only from when I ran filebeat.exe -e

I have multiple vhost on this server and would love to see the information for each

I looked at the configuration Basic authentication: and I'm at a lose on how to get that to work. I tried setting up passwords and received on error. I did create the certificate and could not figure out how to use that.


How do you have Elasticsearch deployed? (Elastic Cloud, locally, docker based, via ECE/ECK orchestration?


I figured out the error with dummy-host

I'm running the filbeat.exe -e:
Error fetching fields for index pattern filebeat-* (ID: filebeat-*)



I'm going to start over with a new ELK server

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.