Kibana not seeing filebeat index

I'm trying to setup the elk stack on my machine. I have both elasticsearch and logstash outputs enabled in the filebeat yml config file, and they both seem to be doing fine. When querying the elasticsearch index on /_cat/indices i'm getting filebeat-2017.08.09 with 54000 docs, so there's definitely data there.
When logging into the Kibana UI, under management, no matter how i try, i'm unable to get a match for indices named filebeat-*. Is this a timing issue, a auth issue, is it something else?

I'm deploying the stack locally using docker compose. I've made sure that the kibana elasticsearch host, user and password are set correctly, and i'm not seeing any log errors regarding auth failures. Is the index discovery service suppose to hit elasticseach directly, because i'm not seeing any traffic in that regard. Is there any variable that i can update in the kibana config that would increase the ES index read frequency?

Thanks in advance

EDIT:
the .kibana index seems to only hold one document, which seems to come from xPackMonitoring

Thanks for mentioning that you are using xPackMonitoring. Did you login to Kibana with a user that has access to the filebeat-* indices? If you use a user with superuser permissions you should be able to rule out security permissions. Finally, can you try doing the /_cat/indices request in the "Dev Tools" app? Do the filebeat indices show up there?

I worked around the issue by disabling xpack auth in both es and kibana for now. I'll reenable them and give you a report. The user i was logging in with certainly did not have a superuser role, since it was the default kibana user (i think the role was something like system_user??)

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.