Hi-
Am able to run the Winlogbeat successfully and able to create the .winlogbeat.yml file and logs shows succesffully sending the data to Elastic Search pointing to http://localhost:9200
Would you please let me know, how to check whether the data has received to Elastic Search. ?
When i open the Kibana, am able to add the Index, but couldn't see any data, says no data found.
Am having the setup on a Windows-7 machine, Could some one please help. Thanks !
What does the output of this command return? It should show what indices have been created and the number of documents in each index.
curl -XGET "http://localhost:9200/_cat/indices?v"
Am having my set-up on Windows-7, I believe, CURL is a Linux command to execute.
Would you please let me know, If we have any other windows command to check.
I had executed GET winlogbeat-*/_count on the Console in Kiabna, shows up Nil results.
{
"count": 0,
"_shards": {
"total": 0,
"successful": 0,
"failed": 0
}
}
But, My Winlogbeats service is running fine, Got logs in C:/ProgramData/Logs along with .winlogbeat.yml file.
Please help.
Setup-Details:
Elastic Search - 5.1.1
Kibana - 5.1.1
X-Pack Installed and logging in with given credentials, "kibana" and "changeme"
You can make the equivalent request using GET _cat/indices?v from the console in Kibana. Or on Windows there is the Invoke-WebRequest powershell cmdlet that you can use to make queries on the command line. Or you can just make the request from your browser.
Can you post the logs from Winlogbeat?
I've executed the command given " GET _cat/indices?v"
Here is the snippet:
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open .monitoring-kibana-2-2016.12.23 i_Jx79t-TH61DKWaanuWeg 1 1
yellow open .monitoring-es-2-2016.12.25 mQG72hfEThmMM6GQL-e3FQ 1 1
yellow open .monitoring-es-2-2016.12.26 SeOi9QQsSs2tY572SIbLGA 1 1
yellow open metricbeat JXJyAZKkQt-81JVciM6qFQ 5 1
yellow open winlogbeat y3pGYdUSTqmfV4fWE__qYw 5 1
yellow open .monitoring-kibana-2-2016.12.26 RqaZuyBrTHam-lD9AlRn-w 1 1
yellow open .monitoring-data-2 38kEy7P7SDWTSBSuNprX_w 1 1
yellow open .kibana SRqTMWgQSCOBbFl_Xad8Sg 1 1 8 1 29.3kb 29.3kb
yellow open .monitoring-kibana-2-2016.12.25 580AyMCaS0KEAcbQPBg7hQ 1 1
yellow open .monitoring-es-2-2016.12.23 AmzC3-BtTUiFhKm9ZliJwQ 1 1
I couldn't upload the text files, so I took a snippet of logs and attached as png files.
How did you indices created that do not contain dates? Please post the configuration that you are using.
Sorry, am pretty new to the Elastic Stack, I get started with the limited resources I had and found it very much interesting.
I don't think, I had created Indexes as such and I've attached the snippet of the winogbeat.yml file I had created.
Could you please let me know, how do I create the indexes with the Timestamps as you mentioned?
You configured Winlogbeat to write to index: winlogbeat so all of your data is going to the winlogbeat index instead of a daily index. Stop Winlogbeat, delete the registry file, remove the index: winlogbeat line, and restart. See the documenation for index.
I had added the Index in the winlogbeat.yml config as "index:
And I ran the command in the console devtools:(GET _cat/indices?v)
yellow open winlogbeat y3pGYdUSTqmfV4fWE__qYw 5 1
yellow open winlogbeat-2016.12.26 Mknuj-QRRFS4BERiqXYgMA 5 1
Is this the right approach for Winlogbeats Config ? Please correct me if am wrong. Thanks !
Yes, that looks correct.
But, still I don't see any data on Kibana:
GET winlogbeat-2016.12.26-*/_count
{
"count": 0,
"_shards": {
"total": 0,
"successful": 0,
"failed": 0
}
}
And I tried creating Index like winlogbeat-2016.12.26-*, but Kibana couldn't identify the pattern. Please help me out. Thanks !
Try a query like GET winlogbeat-*/_count.
Thanks so so much you.
I logged in as elastic user, I do see the data now. 
Finally I made it with the help of you.
I was trying with the Kibana user, so I couldn't get any data.
Thank you very much for your support.
You guys rock.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
