I am new to Elastic Stack and currently just "finished" my installation but I am not receiving any data in Kibana. I installed version 5.6.2 of Elasticsearch, Logstash, Kibana, and X-Pack all on the same host. I used netstat and see that the connections are established but no data.
I installed Filebeat on a different host and pointed it to my Elastic Stack server IP and port (tried both 5043 and 5044).
I switched the logging to debug mode. Here is the latest from the filebeat logs:
2017-10-01T16:03:29-04:00 DBG Disable stderr logging
2017-10-01T16:03:29-04:00 INFO Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2017-10-01T16:03:29-04:00 INFO Setup Beat: filebeat; Version: 5.6.2
2017-10-01T16:03:29-04:00 DBG Processors:
2017-10-01T16:03:29-04:00 DBG Initializing output plugins
2017-10-01T16:03:29-04:00 INFO Max Retries set to: 3
2017-10-01T16:03:29-04:00 INFO Activated logstash as output plugin.
2017-10-01T16:03:29-04:00 DBG Create output worker
2017-10-01T16:03:29-04:00 DBG No output is defined to store the topology. The server fields might not be filled.
2017-10-01T16:03:29-04:00 INFO Publisher name: ubuntu-gnome
2017-10-01T16:03:29-04:00 INFO Flush Interval set to: 1s
2017-10-01T16:03:29-04:00 INFO Max Bulk Size set to: 2048
2017-10-01T16:03:29-04:00 DBG create bulk processing worker (interval=1s, bulk size=2048)
2017-10-01T16:03:29-04:00 INFO filebeat start running.
2017-10-01T16:03:29-04:00 INFO Metrics logging every 30s
2017-10-01T16:03:29-04:00 INFO Registry file set to: /var/lib/filebeat/registry
2017-10-01T16:03:29-04:00 INFO Loading registrar data from /var/lib/filebeat/registry
2017-10-01T16:03:29-04:00 INFO States Loaded from registrar: 9
2017-10-01T16:03:29-04:00 INFO Loading Prospectors: 1
2017-10-01T16:03:29-04:00 DBG File Configs: [/var/log/*.log]
2017-10-01T16:03:29-04:00 INFO Start sending events to output
2017-10-01T16:03:29-04:00 DBG exclude_files: []
2017-10-01T16:03:29-04:00 INFO Starting Registrar
2017-10-01T16:03:29-04:00 DBG New state added for /var/log/bootstrap.log
2017-10-01T16:03:29-04:00 DBG New state added for /var/log/casper.log
2017-10-01T16:03:29-04:00 DBG New state added for /var/log/dpkg.log
2017-10-01T16:03:29-04:00 DBG New state added for /var/log/kern.log
2017-10-01T16:03:29-04:00 DBG New state added for /var/log/boot.log
2017-10-01T16:03:29-04:00 DBG New state added for /var/log/auth.log
2017-10-01T16:03:29-04:00 DBG New state added for /var/log/fontconfig.log
2017-10-01T16:03:29-04:00 DBG New state added for /var/log/gpu-manager.log
2017-10-01T16:03:29-04:00 DBG New state added for /var/log/alternatives.log
2017-10-01T16:03:29-04:00 INFO Prospector with previous states loaded: 9
2017-10-01T16:03:29-04:00 INFO Starting spooler: spool_size: 2048; idle_timeout: 5s
2017-10-01T16:03:29-04:00 INFO Starting prospector of type: log; id: 17005676086519951868
2017-10-01T16:03:29-04:00 INFO Loading and starting Prospectors completed. Enabled prospectors: 1
2017-10-01T16:03:29-04:00 DBG Start next scan
2017-10-01T16:03:29-04:00 DBG Check file for harvesting: /var/log/auth.log
2017-10-01T16:03:29-04:00 DBG Update existing file for harvesting: /var/log/auth.log, offset: 18306
2017-10-01T16:03:29-04:00 DBG Resuming harvesting of file: /var/log/auth.log, offset: 18306
2017-10-01T16:03:29-04:00 DBG Set previous offset for file: /var/log/auth.log. Offset: 18306
2017-10-01T16:03:29-04:00 DBG Setting offset for file: /var/log/auth.log. Offset: 18306
2017-10-01T16:03:29-04:00 DBG Check file for harvesting: /var/log/dpkg.log
2017-10-01T16:03:29-04:00 DBG Update existing file for harvesting: /var/log/dpkg.log, offset: 1199180
2017-10-01T16:03:29-04:00 DBG File didn't change: /var/log/dpkg.log
2017-10-01T16:03:29-04:00 DBG Check file for harvesting: /var/log/fontconfig.log
2017-10-01T16:03:29-04:00 DBG Update existing file for harvesting: /var/log/fontconfig.log, offset: 4204
2017-10-01T16:03:29-04:00 DBG File didn't change: /var/log/fontconfig.log
2017-10-01T16:03:29-04:00 DBG Check file for harvesting: /var/log/alternatives.log
2017-10-01T16:03:29-04:00 DBG Update existing file for harvesting: /var/log/alternatives.log, offset: 37199
2017-10-01T16:03:29-04:00 DBG File didn't change: /var/log/alternatives.log
2017-10-01T16:03:29-04:00 DBG Check file for harvesting: /var/log/boot.log
2017-10-01T16:03:29-04:00 DBG Update existing file for harvesting: /var/log/boot.log, offset: 1841
2017-10-01T16:03:29-04:00 DBG File didn't change: /var/log/boot.log
2017-10-01T16:03:29-04:00 DBG Check file for harvesting: /var/log/bootstrap.log
2017-10-01T16:03:29-04:00 DBG Update existing file for harvesting: /var/log/bootstrap.log, offset: 59400
2017-10-01T16:03:29-04:00 DBG File didn't change: /var/log/bootstrap.log
2017-10-01T16:03:29-04:00 DBG Check file for harvesting: /var/log/casper.log
2017-10-01T16:03:29-04:00 DBG Update existing file for harvesting: /var/log/casper.log, offset: 1807
2017-10-01T16:03:29-04:00 DBG File didn't change: /var/log/casper.log
2017-10-01T16:03:29-04:00 DBG Check file for harvesting: /var/log/gpu-manager.log
2017-10-01T16:03:29-04:00 DBG Update existing file for harvesting: /var/log/gpu-manager.log, offset: 2107
2017-10-01T16:03:29-04:00 DBG File didn't change: /var/log/gpu-manager.log
2017-10-01T16:03:29-04:00 DBG Check file for harvesting: /var/log/kern.log
2017-10-01T16:03:29-04:00 DBG Update existing file for harvesting: /var/log/kern.log, offset: 116097
2017-10-01T16:03:29-04:00 DBG Resuming harvesting of file: /var/log/kern.log, offset: 116097
2017-10-01T16:03:29-04:00 DBG Set previous offset for file: /var/log/kern.log. Offset: 116097
2017-10-01T16:03:29-04:00 DBG Setting offset for file: /var/log/kern.log. Offset: 116097
2017-10-01T16:03:29-04:00 INFO Harvester started for file: /var/log/auth.log
2017-10-01T16:03:29-04:00 DBG Prospector states cleaned up. Before: 9, After: 9
2017-10-01T16:03:29-04:00 INFO Harvester started for file: /var/log/kern.log
2017-10-01T16:03:29-04:00 DBG End of file reached: /var/log/auth.log; Backoff now.
2017-10-01T16:03:29-04:00 DBG End of file reached: /var/log/kern.log; Backoff now.
2017-10-01T16:03:30-04:00 DBG End of file reached: /var/log/auth.log; Backoff now.
2017-10-01T16:03:30-04:00 DBG End of file reached: /var/log/kern.log; Backoff now.
2017-10-01T16:03:32-04:00 DBG End of file reached: /var/log/kern.log; Backoff now.
2017-10-01T16:03:32-04:00 DBG End of file reached: /var/log/auth.log; Backoff now.
2017-10-01T16:03:34-04:00 DBG Flushing spooler because of timeout. Events flushed: 15
Yup. I just disabled X-Pack security for Elasticsearch and everything is working. I added xpack.security.enabled: false to the bottom of elasticsearch.yml and now I'm able to define an index pattern.
Why would this stop me from receiving data? Authentication?
It wouldn't because you defined the user and password in the Logstash config.
Is there anything in the Logstash logs about indexing failures due to bad authentication with Elasticsearch?
The problem was that I was using the built-in kibana user which doesn't have the permission to search any indices. I switched to the elastic user and the data appeared. Now I can start creating roles and applying those roles to users.
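An added example, not part of the original thread: a least-privilege alternative to logging in to Kibana or running Logstash as the `elastic` superuser, written as file-based role definitions for X-Pack 5.x. The role names `logstash_writer` and `logstash_reader` and the `logstash-*` index pattern (the Logstash default) are assumptions; adjust them to the indices actually in use.

```yaml
# config/x-pack/roles.yml on each Elasticsearch node (X-Pack 5.x file-based roles).
# Role names and the logstash-* pattern are assumptions for illustration.

# For the account configured in the Logstash elasticsearch output:
# it may create and write to logstash-* indices, but cannot read them back
# or touch any other index.
logstash_writer:
  cluster:
    - manage_index_templates   # Logstash installs its index template at startup
    - monitor
  indices:
    - names: [ 'logstash-*' ]
      privileges:
        - write
        - delete
        - create_index

# For people viewing the data in Kibana: read-only on logstash-*.
# Assign this together with the built-in kibana_user role, which grants
# access to the .kibana index where index patterns and dashboards live.
logstash_reader:
  indices:
    - names: [ 'logstash-*' ]
      privileges:
        - read
        - view_index_metadata  # needed to list fields when defining an index pattern
```

The built-in `kibana` user is meant for the Kibana server's own connection to Elasticsearch, which is why it cannot search data indices; keep it for that purpose and give interactive users `kibana_user` plus a reader role like the one above.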