Kibana has no results

kmrychl · February 17, 2017, 7:13pm

My kibana has no results and I can't figure out why. I'm not sure if my filebeat is not forwarding to logstash or if my logstash is not going to elastic search. Everything is configured correctly from what I can tell. There was an old node in filebeat that is still showing when I curl the local host:9200, but my new node never binds so I'm not getting incoming logging data.

Any ideas?

my elasticsearch log:

> [2017-02-17T13:46:05,305][INFO ][o.e.p.PluginsService     ] [Od5y99C] loaded module [transport-netty4]
> [2017-02-17T13:46:05,305][INFO ][o.e.p.PluginsService     ] [Od5y99C] no plugins loaded
> [2017-02-17T13:46:12,326][INFO ][o.e.n.Node               ] initialized
> [2017-02-17T13:46:12,329][INFO ][o.e.n.Node               ] [Od5y99C] starting ...
> [2017-02-17T13:46:12,602][INFO ][o.e.t.TransportService   ] [Od5y99C] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}
> [2017-02-17T13:46:15,700][INFO ][o.e.c.s.ClusterService   ] [Od5y99C] new_master {Od5y99C}{Od5y99C8QQankcgtPNRyTQ}{fvW0ioB3SXO1myc_FRnMiw}{localhost}{127.0.0.1:9300}, reason: zen-disco-elected-as-master ([0] nodes joined)
> [2017-02-17T13:46:15,750][INFO ][o.e.h.HttpServer         ] [Od5y99C] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}
> [2017-02-17T13:46:15,750][INFO ][o.e.n.Node               ] [Od5y99C] started
> [2017-02-17T13:46:16,846][INFO ][o.e.g.GatewayService     ] [Od5y99C] recovered [37] indices into cluster_state
> [2017-02-17T13:46:24,750][INFO ][o.e.c.r.a.AllocationService] [Od5y99C] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[filebeat-2017.01.09][4], [filebeat-2017.01.09][0], [.kibana][0]] ...]).

warkolm · February 18, 2017, 10:12pm

What data is in ES? Check with _cat/indices.

kmrychl · February 20, 2017, 2:22pm

$ curl -XGET 'localhost:9200/_cat/indices?pretty'                                                                                            yellow open shakespeare   diznmBfoQBmihM2nMBKHFQ 5 1 111396   0  27.7mb  27.7mb
yellow open website       Yf2Y6So8Q8OQZhjZMcs78w 5 1      3   0  14.1kb  14.1kb
yellow open blogs         Tia8ZQETTx2lJCf1cH8JQw 3 2      0   0    480b    480b
yellow open testindex2.17 r8oIe_awTuGaG5t5YoxIdQ 5 1      0   0    650b    650b
yellow open .kibana       AFceg7xiQn-s-PjUUxRDLw 1 1    106 105 205.2kb 205.2kb
yellow open test          dsrytnO2Qj2m-IkCV9il5w 5 1      2   0 168.2kb 168.2kb

warkolm · February 20, 2017, 8:23pm

There's no filebeat related indices there that I can see, so I'd check LS to make sure it's ok.
Start simple, use a stdout in your output.

kmrychl · February 20, 2017, 8:48pm

Is this what you mean?

   output {
      elasticsearch {
        hosts => ["localhost:9200"]
        sniffing => true
        manage_template => false
        index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
        document_type => "%{[@metadata][type]}"
        stdout { codec => rubydebug }
     }
    }

warkolm · February 20, 2017, 8:49pm

Almost, the stdout needs to be outside the ES section.

system · March 20, 2017, 8:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.