Getting Started (6.4) - problems

Elastic Stack Beats
1

Trying to follow the Getting Started tutorial for the 6.4 stack.

I have followed the instructions as described, except that I configured and used yum for the install rather than download and install the rpm files by hand.

Elasticsearch appears to install correctly.
Kibana installs ok.
metricbeat installs as described.

However, going to kibana nothing works. It does not display anything like the data shown in the getting started document, it complains about no indexes and shows no data.

Following the instructions in the "Add Metrics" link for metricbeat helps, although this does not match reality if you have used something like an rpm to load, since there is no "installation directory". Even after following these steps, kibana doesn't seem to see any data.

I think your getting started document needs work... unless I am missing something.

Found one reason that I missed:

[root@elk kibana]# metricbeat modules enable system
Module system doesn't exist!

This probably has something to do with the instruction to run this from the install directory ... where is the install directory when installed via yum/rpm??

This seems to be one problem:

image
image.png1288×360 53.7 KB

2

I have pinged @dedemorton to look into Getting Started Guide of metricbeat. Moving this to beats channel.

Thanks
Rashmi

3

Hi. Metricbeat is installed under /usr/share/metricbeat. You can see all the installation locations by platform here: https://www.elastic.co/guide/en/beats/metricbeat/current/directory-layout.html.

Try running the commands again and let me know if you continue to have issues.

4

Oh, I did. Several times.
If you just copy the commands as shown in the doc and run them in the /usr/share/*beat directories they don’t work.

First they don’t find the config file - you need to run them with the -c option and the path to the config file.

On the setup, they look for the system module - no way to find that, even if you run the command in the /usr/share/*beat/module directory.

I gave up trying to add the system module that way, and guessed (because I can’t find any doc on the subject) that in the /etc/*beat/module directory there are a bunch of module files, all named something like:

module-name.yml.undefined

I assumed that all that happens is the “undefined” part of the filename gets removed, so did that manually.

But still, nothing works. Someone really needs to start with aclean VM, load centos 7, config yum, install the components and see what happens as you try to follow the instructions (getting started, or the reference doc instructions). They just don’t work, and there isn’t enough detail in the doc to understand how to debug.

Oh, and no using the add-on (subscription) stuff that the doc seems intent on forcing people to use. Just the basic components.

5

Unfortunately you are facing the problem described in this blog post:

You need to run the following command to fix it:

sudo cp -r /usr/share/metricbeat/modules.d /etc/metricbeat/

It will be fixed in the upcoming 6.4.1 release.

6

That may be the metricsbeat problem. I tried filebeat too. It does have the modules.d directory in /etc/filebeat. That doesn’t work either.

Kibana complains about no index. Its not obvious if Kibana is not sending the right request, or if a required index has not been created in elasticsearch.

7

In the pasted screenshot I can see that you were able to create the index pattern, which requires the indices to exist. Sometimes I've seen kibana still show the warning about missing indices when the indices already exist, due to browser cache issues. Can you try refreshing your kibana?

Otherwise, if you paste the log of running filebeat with the -e -d publish flags, we can sort out if filebeat is writting to the right index or not.

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.