Logs are not updating in elastic search just after installing Xpack

Right after installing xpack filebeat stopped shipping of logs in to elastic search. Do I need to do some sort of authentication setting? can someone please reply and help??


Yes, filebeat now needs to authenticate as a user with the right permissions. The specific documentation is pretty thorough, so please start from there and we can address any additional issues you might have setting this up.

Thanks for reply.

I need to know one more thing that I have installed xpack on KIbana and elastic search. So, do I need to install it on Logstash too??
Please reply.

Yes, you most probably do. Again, use the documentation as a starting point and we will be able to help further with any specific issues


I have followed the same link( https://www.elastic.co/guide/en/beats/filebeat/6.1/beats-basic-auth.html) & created specified user & role in kibana and then attached the user with that role.

Below are the settings which I did in filebeat.yml configuration file.

Array of hosts to connect to.

hosts: ["localhost:9200"]
index: "filebeat-%{+YYYY.MM.dd}"

Optional protocol and basic auth credentials.

#protocol: "https"
username: "filebeat_internal"
password: "elastic"

But still filebeat is not shipping the logs. can you tell what I am missing here?


The issue is resolved when I tried to pushed the logs directly from Filebeat to ElasticSearch.

I did the following to resolve it:

  1. Created user & role with some specified permission in Kibana and attached that user with that role.
  2. In the output section of ElasticSearch in Filebeat.yml. Provided the user & password of Filebeat internal user created in Kibana.
  3. Restart the services.

Now, suppose if I want to push the logs via logstash. so is it mandate to install xpack on logstash?? if yes, then what user & password I need to provide in the logstash.yml file??

can somebody please help me in that??


Yes you need to install X-Pack on Logstash too. I have shared the link to documentation above, the specific part that contains instructions for setting the authentication for the Elasticsearch output plugin of Logstash is this.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.