How to create filebeat index pattern in Kibana

Hi, I am new to the ELK Stack.
I have successfully installed the ELK services along with the shippers on my server.
I was able to create the index patterns for topBeat, winlogBeat and packetBeat, which are of no use to me.
I need to use filebeat for searching through our log files.
I found on a few sites that I need to run the import_dashboards.ps1 command to import the filebeat dashboard into Kibana.
Please help me create the filebeat index pattern in Kibana.

Assuming you have already configured Filebeat and indexed some data into Elasticsearch, then in Kibana click on Settings, click on Indices, change the "Index name or pattern" field from "logstash-" to "filebeat-". Then Kibana should auto-detect the "Time-field name". Make sure "@timestamp" is selected, then click "Create".

No, I have not done that yet.
I have just the default filebeat.yml configuration file in my filebeat installation folder. I need help in configuring and indexing the data into Elasticsearch.

Did you follow the getting started guide here?

Yes, I did try to follow the steps mentioned in that.
I configured the basic template to use it with Elasticsearch output instead of with Logstash output.
And after that, to load the template, I get the following error:

PS C:\ELK-Stack\filebeat> Invoke-WebRequest -Method Put -InFile filebeat.template.json -Uri http://localhost:9200/_templ
The term 'Invoke-WebRequest' is not recognized as the name of a cmdlet, function, script file, or operable program. Che
ck the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:18
+ Invoke-WebRequest <<<< -Method Put -InFile filebeat.template.json -Uri http://localhost:9200/_template/filebeat?Cont
    + CategoryInfo : ObjectNotFound: (Invoke-WebRequest:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Invoke-WebRequest was introduced in PowerShell 3.0. You may need to update your PowerShell version.

Thanks a lot for the suggestion.
The command is running successfully after upgrading the PS.
But the filebeat index pattern is not auto-detected by Kibana.

Does the index actually exist? What is the output of this query?

curl http://elasticsearch:9200/_cat/indices?v

I can see the filebeat index as below:

PS C:\ELK-Stack\filebeat> curl http://localhost:9200/_cat/indices?v -R
health status index pri rep docs.count docs.deleted store.size
yellow open winlogbeat-2015.09.09 5 1 70 0 148kb 148kb
yellow open winlogbeat-2016.02.26 5 1 506 0 743.5kb 743.5kb
yellow open winlogbeat-2015.09.08 5 1 299 0 441.4kb 441.4kb
yellow open winlogbeat-2015.12.22 5 1 592 0 869.4kb 869.4kb
yellow open winlogbeat-2015.12.23 5 1 1024 0 842.7kb 842.7kb
yellow open winlogbeat-2015.12.24 5 1 448 0 704.2kb 704.2kb
yellow open winlogbeat-2015.12.25 5 1 249 0 406.2kb 406.2kb
yellow open filebeat 5 1 0 0 795b 795b
yellow open winlogbeat-2016.05.09 5 1 1077 0 874.4kb 874.4kb
yellow open winlogbeat-2015.12.10 5 1 751 0 728.6kb 728.6kb

Hi, can you please help me proceed further?

Can you please provide the configuration for your Filebeat and Logstash instances? It looks like there is a problem with your Filebeat setup because you do not have any daily indices present, just one called "filebeat".
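
The check described in the reply above, as an added example that is not part of the original thread: it parses `_cat/indices?v` text and reports whether a Beat has daily indices containing documents or only a bare index. The helper name `Get-BeatIndexSummary` is hypothetical, the sample listing is constructed from the one posted above, and the daily naming `<beat>-YYYY.MM.DD` is assumed from the winlogbeat indices shown there.

```powershell
# Added example (not from the thread). Requires PowerShell 3.0+ for [pscustomobject].
# Constructed sample, modelled on the _cat/indices listing posted above.
$sample = @'
health status index                 pri rep docs.count docs.deleted store.size pri.store.size
yellow open   winlogbeat-2016.02.26 5   1   506        0            743.5kb    743.5kb
yellow open   filebeat              5   1   0          0            795b       795b
yellow open   winlogbeat-2016.05.09 5   1   1077       0            874.4kb    874.4kb
'@

function Get-BeatIndexSummary {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$CatOutput,
        [string]$Beat = 'filebeat'
    )
    $lines = @($CatOutput -split "`r?`n" | Where-Object { $_.Trim() })
    if ($lines.Count -eq 0) { throw 'Empty _cat/indices output' }

    # Locate columns by header name rather than by fixed position.
    $header = @($lines[0].Trim() -split '\s+')
    $iName  = [array]::IndexOf($header, 'index')
    $iDocs  = [array]::IndexOf($header, 'docs.count')
    if ($iName -lt 0 -or $iDocs -lt 0) { throw 'Header lacks index or docs.count (was ?v used?)' }

    # Assumed daily naming: <beat>-YYYY.MM.DD
    $dailyPattern = '^' + [regex]::Escape($Beat) + '-\d{4}\.\d{2}\.\d{2}$'
    $dailyCount = 0; $dailyDocs = 0; $bareDocs = $null
    foreach ($line in ($lines | Select-Object -Skip 1)) {
        $cols = @($line.Trim() -split '\s+')
        # Skip rows whose docs.count column is missing or not numeric.
        if ($cols.Count -le $iDocs -or $cols[$iDocs] -notmatch '^\d+$') { continue }
        if ($cols[$iName] -match $dailyPattern) { $dailyCount++; $dailyDocs += [long]$cols[$iDocs] }
        elseif ($cols[$iName] -eq $Beat)        { $bareDocs = [long]$cols[$iDocs] }
    }

    if     ($dailyDocs -gt 0)    { $verdict = 'daily indices with documents exist' }
    elseif ($null -ne $bareDocs) { $verdict = "no daily indices with documents; only '$Beat' with $bareDocs docs" }
    else                         { $verdict = "no $Beat indices found" }

    [pscustomobject]@{
        Beat = $Beat; DailyIndices = $dailyCount; DailyDocs = $dailyDocs
        BareIndexDocs = $bareDocs; Verdict = $verdict
    }
}

Get-BeatIndexSummary -CatOutput $sample                      # the shipper that is not working
Get-BeatIndexSummary -CatOutput $sample -Beat 'winlogbeat'   # a shipper that is indexing daily
# Live input: (Invoke-WebRequest -Uri 'http://localhost:9200/_cat/indices?v' -UseBasicParsing).Content
```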

I have attached the filebeat config file.
I don't have the logstash config file.

Hi, I have attached the config file. Can you please help me out further.
