Kibana Discover tab and Index Patterns shows nothing after creating Filebeat default index

devesh.mehta · June 11, 2018, 2:42pm

Hi,

My newly configured ELK stop working after I created the first index for Filebeat.

[root@elk01 optimize]# curl http://elk01:9200/_cat/indices?v
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open %{[@metadata][beat]}-%{[@metadata][version]}-2018.06.11 mHUgOVruShy4CdHSgIB7lg 5 1 129452 0 23.6mb 23.6mb
yellow open logstash g0g5RZ9FQTurShiTr9w4oA 5 1 0 0 1.1kb 1.1kb
green open .kibana 4nW-BxsPTdm5XMP9VsWDcQ 1 0 2 0 8.2kb 8.2kb
yellow open logstash-2018.06.11 B6ZKNp3QQ6SqUuZ1iFgx3w 5 1 130641 0 14.3mb 14.3mb
yellow open filebeat-6.2.4-2018.06.11 ILItRVpqS8KO9EvaHYdX8w 3 1 1196 0 802.5kb 802.5kb

I am new to ELK so could you please suggest how to configure Kibana for the NGINX logs collected by Filebeat in Logstash.

Thanks
Devesh

pierhugues · June 11, 2018, 2:52pm

From what I see in the provided screenshot, you are hitting a 404? Can you take a look at the Kibana logs to see if there is more information?

devesh.mehta · June 11, 2018, 4:12pm

Thanks Pier-Hugues for your reply.

It looks inconsistent state of the default index pattern configuration is the reason. Could you provide the command line query to reset it to fresh installation.

After creating filebeat Index Patterns in Kibana I start getting this error given in screenshot.

Below msg I found in Kibana logs

{"type":"response","@timestamp":"2018-06-11T16:06:23Z","tags":,"pid":6356,"method":"get","statusCode":304,"req":{"url":"/ui/favicons/favicon-32x32.png","method":"get","headers":{"host":"","x-real-ip":"10.82.225.21","x-forwarded-for":"10.82.225.21","connection":"close","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36","accept":"image/webp,image/apng,image/,/*;q=0.8","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":""8e183c2e644fb050707d89402e1f7a120a95e4d2"","if-modified-since":"Thu, 12 Apr 2018 20:58:09 GMT"},"remoteAddress":"10.82.225.26","userAgent":"10.82.225.26"},"res":{"statusCode":304,"responseTime":18,"contentLength":9},"message":"GET /ui/favicons/favicon-32x32.png 304 18ms - 9.0B"}

{"type":"response","@timestamp":"2018-06-11T16:06:23Z","tags":,"pid":6356,"method":"get","statusCode":304,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"","x-real-ip":"10.82.225.21","x-forwarded-for":"10.82.225.21","connection":"close","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36","accept":"image/webp,image/apng,image/,/*;q=0.8","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":""13b869be5df4bdc56920edc16a28e67a7c08203b"","if-modified-since":"Thu, 12 Apr 2018 20:58:09 GMT"},"remoteAddress":"10.82.225.26","userAgent":"10.82.225.26"},"res":{"statusCode":304,"responseTime":3,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 304 3ms - 9.0B"}

I try to load filebeat logs directly in elasticsearch following the information from Nginx module | Filebeat Reference [8.11] | Elastic

But it also gave me the below error.

Kibana logs

{"type":"response","@timestamp":"2018-06-11T16:11:43Z","tags":,"pid":6356,"method":"get","statusCode":304,"req":{"url":"/ui/favicons/favicon-32x32.png","method":"get","headers":{"host":"","x-real-ip":"10.82.225.21","x-forwarded-for":"10.82.225.21","connection":"close","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36","accept":"image/webp,image/apng,image/,/*;q=0.8","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","if-none-match":""8e183c2e644fb050707d89402e1f7a120a95e4d2"","if-modified-since":"Thu, 12 Apr 2018 20:58:09 GMT"},"remoteAddress":"10.82.225.26","userAgent":"10.82.225.26"},"res":{"statusCode":304,"responseTime":1,"contentLength":9},"message":"GET /ui/favicons/favicon-32x32.png 304 1ms - 9.0B"}

It would be great if you can provide details of creating the index pattern for filebeat.

Thanks
Devesh

system · July 9, 2018, 4:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.