I have a server running Elasticsearch. It's working and receiving logs from a bunch of our VMs. On a different server on the network I have installed Filebeat. This server stores JSON logs from another application. I am attempting to use Filebeat to process the JSON logs and send them to the Elasticsearch server on the network. But in Kibana, I am not seeing any results from these JSON logs like I am seeing for the other logs coming from the VMs.
I am pretty confident I have Filebeat configured correctly.
- Running filebeat -configtest -e shows everything is OK.
- Under C:\Program Files\Filebeat\logs I see log files created showing that harvesters are starting and closing.
In Kibana, I've set up the index patterns. There are two: winlogbeat*, which is working and has events from the VMs, and filebeat-*, which is giving no results.
In my yml config file for Filebeat I have the Elasticsearch output enabled. If I copy the host address/port from the yml Elasticsearch output and paste it into the browser on the server that has Filebeat on it, I get a JSON file to download that shows the ELK server's name, cluster_name, cluster_uuid, etc.
What am I missing? Are there any other log files I can collect for further troubleshooting?