Logs are not updating in elastic search just after installing Xpack

sweta_khandelwal · February 1, 2018, 11:58am

Right after installing xpack filebeat stopped shipping of logs in to elastic search. Do I need to do some sort of authentication setting? can someone please reply and help??

ikakavas · February 1, 2018, 3:32pm

Hi,

Yes, filebeat now needs to authenticate as a user with the right permissions. The specific documentation is pretty thorough, so please start from there and we can address any additional issues you might have setting this up.

sweta_khandelwal · February 2, 2018, 5:24am

Thanks for reply.

I need to know one more thing that I have installed xpack on KIbana and elastic search. So, do I need to install it on Logstash too??
Please reply.

ikakavas · February 2, 2018, 7:29am

Yes, you most probably do. Again, use the documentation as a starting point and we will be able to help further with any specific issues

sweta_khandelwal · February 2, 2018, 10:03am

Hi,

I have followed the same link( https://www.elastic.co/guide/en/beats/filebeat/6.1/beats-basic-auth.html) & created specified user & role in kibana and then attached the user with that role.

Below are the settings which I did in filebeat.yml configuration file.
output.elasticsearch:

Array of hosts to connect to.

hosts: ["localhost:9200"]
index: "filebeat-%{+YYYY.MM.dd}"

Optional protocol and basic auth credentials.

#protocol: "https"
username: "filebeat_internal"
password: "elastic"

But still filebeat is not shipping the logs. can you tell what I am missing here?

sweta_khandelwal · February 2, 2018, 11:33am

Hi,

The issue is resolved when I tried to pushed the logs directly from Filebeat to ElasticSearch.

I did the following to resolve it:

Created user & role with some specified permission in Kibana and attached that user with that role.
In the output section of ElasticSearch in Filebeat.yml. Provided the user & password of Filebeat internal user created in Kibana.
Restart the services.

Now, suppose if I want to push the logs via logstash. so is it mandate to install xpack on logstash?? if yes, then what user & password I need to provide in the logstash.yml file??

sweta_khandelwal · February 14, 2018, 6:51am

can somebody please help me in that??

ikakavas · March 8, 2018, 1:55pm

Hi,

Yes you need to install X-Pack on Logstash too. I have shared the link to documentation above, the specific part that contains instructions for setting the authentication for the Elasticsearch output plugin of Logstash is this.

system · April 5, 2018, 1:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.