green open .security-6 1ACQXZVzR-mmKpx-bjlpzA 1 0 3 0 10.5kb 10.5kb
yellow open .monitoring-es-6-2017.12.11 bdBlnT8bR1KoNKke_zOGMA 1 1 2834 188 1.7mb 1.7mb
yellow open .monitoring-kibana-6-2017.12.11 I1s68Y1YRpuwa-GxV8yzaA 1 1 162 0 186.3kb 186.3kb
yellow open .watches BvcTJl_eRHaBn2FmHiHW5w 1 1 5 0 33.4kb 33.4kb
yellow open metricbeat-2017.12.11 Mmnj1UD5QLqq-FLAW867qw 5 1 14480 0 5.6mb 5.6mb
yellow open .triggered_watches 5v_2YEZISfOeGDNFpamcYg 1 1 0 0 8.2kb 8.2kb
yellow open .kibana fr-A0g3aSXKDToCeMfQ7pg 1 1 194 19 534.4kb 534.4kb
yellow open **filebeat-2017.12.11** qo3NcqslSTOfCiZk3h-uHQ 1 1 28333 0 4.3mb 4.3mb
yellow open .monitoring-alerts-6 uZSYLUjzSHCd4maZZsgmIA 1 1 1 0 6.5kb 6.5kb
yellow open .watcher-history-6-2017.12.11 uHXXtAWLTgqN8050PMaSNw 1 1 252 0 319.9kb 319.9kb
If I try to create filebeat index, using this patern filebeat-* I get the error: Unable to fetch mapping. Do you have indices matching the pattern?
I get the same for metricbeat or filebeat, but it works for others like .monitoring-alerts.
I suspect that maybe the format of the filebeat or metricbeat are wrong, but the are produced by metricbeat and filebeat apps-beat so I don't know how to check this.
metricbeat version 6.0.0 (amd64), libbeat 6.0.0
filebeat version 6.0.1 (amd64), libbeat 6.0.1
Elasticsearch Version: 6.0.1
Kibana Version: 6.0.1
Metricbeat and Filebeat ar pushing the logs into elasticsearch directly
metricbeat index looks fine, but the filebeat one looks incorrect - it shouldn't have the ** on it. I just ran filebeat v 6.0.1 and my index was automatically named filebeat-6.0.1-2017.12.11. Perhaps there is an error in your filebeat.yml file?
Hello Stacey, the ** from my previous message was meant to make the filebeat look bold. In reality it look like this. filebeat-2017.12.11
these are some snippets of filebeat.yml config file which may be relevant
the thing is that, neither filebeat or metricbeat works in kibana, so I don't know what to try anymore. The last 4 days I spent trying to debug this thing and I just feel I should give up and move to graylog2.
What should I investigate to figure out what is happening?
That is strange indeed. Can you open up developer tools and see if there are any console errors? Also can you inspect the network tab and post the failed request?
Initially I was authenticating with the Kibana user instead of elastic user.
I am not sure if this should be the normal/expected behavior if you use the standard created user Kibana.
if this is the normal behavior, PLEASE add a more relevant error message. Like, the user doesn't have permission to add the index.
Please let me know if you want to investigate more.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.