Importing indicies for filebeat

alexserd · June 20, 2018, 8:11pm

I've deleted all data from elasticsearch which included indicies
invoke-webrequest -method delete http://localhost:9200/*
After the deletion the server was rebooted
I'm able to see filebeat-6.2.4 under http://localhost:9200/_template but it is not showing in kibana

GET _cat/indices
yellow open winlogbeat-6.2.4-2018.06.20 bpfQeGqlTpWBkGv8Jf7Ctw 3 1 192 0 912.7kb 912.7kb
green open .kibana -TZavKI7RduCG6pjgwqw5A 1 0 3 1 24.3kb 24.3kb

Is there a way to import the indicies back ?

exekias · June 20, 2018, 10:32pm

Hi @alexserd,

Indices and templates are something different. You should have indices back as soon as you start shipping new logs to your Elasticsearch.

Best regards

alexserd · June 21, 2018, 3:44pm

ok I guess I need to troubleshoot filebeat shipping - I'm able to start the service
here is flebeat.yml file

filebeat.prospectors:

type: log
paths:
- C:\inetpub\logs\LogFiles\W3SVC200*
fields:
iis: true
output.logstash:
hosts: ["sna-wsus01:5044"]

The filebeat log file is empty

alexserd · June 21, 2018, 4:04pm

It looks like filebeat is shipping the logs, when I run .\filebeat.exe -c filebeat.yml -e -d "*" I get the following output:

2018-06-21T09:02:01.617-0700 INFO instance/beat.go:308 filebeat stopped.
2018-06-21T09:02:01.618-0700 INFO [monitoring] log/log.go:132 Total non-zero metrics {"monitoring": {"metrics
": {"beat":{"cpu":{"system":{"ticks":250,"time":250},"total":{"ticks":1062,"time":1062,"value":1062},"user":{"ticks":812
,"time":812}},"info":{"ephemeral_id":"4ae0e3e9-41ba-46ab-8f65-e23c7abc6984","uptime":{"ms":180947}},"memstats":{"gc_next
":11395616,"memory_alloc":6169656,"memory_total":69678728,"rss":28819456}},"filebeat":{"events":{"active":4124,"added":4
129,"done":5},"harvester":{"closed":9,"open_files":0,"running":0,"started":9}},"libbeat":{"config":{"module":{"running":
0}},"output":{"type":"logstash"},"pipeline":{"clients":0,"events":{"active":4116,"failed":4,"filtered":9,"published":411
6,"retry":1694,"total":4129}}},"registrar":{"states":{"current":1,"update":1},"writes":3},"system":{"cpu":{"cores":4}}}}
}
2018-06-21T09:02:01.620-0700 INFO [monitoring] log/log.go:133 Uptime: 3m0.9502076s
2018-06-21T09:02:01.620-0700 INFO [monitoring] log/log.go:110 Stopping metrics logging.

I still see no indices in Kibana

system · July 19, 2018, 4:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.