No filebeat index in Elasticsearch after running setup

New to filebeat, trying to get an index up and running in elasticsearch.

I followed this guide: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html but for some reason even after I run filebeat setup -e and start the Filebeat service there is no Filebeat index created in elasticsearch.

This is all on my local machine, filebeat.yml looks like the following:

filebeat.inputs:
- type: log
  paths:
    - C:/elk/logs/filebeatlog.log

output.elasticsearch:
  hosts: ["localhost:9200"]

Everything else is default.
in the log that I'm inputting there's only one line right now, something like

2020-09-14 13:19:35,067 INFO com.class.java.blahblah.blah [main] Text Text text

Didn't do any parsing on it or anything yet, is that my problem? Or is there certain priviledges I have to give filebeat like stated in this article: https://www.elastic.co/guide/en/beats/filebeat/master/privileges-to-publish-events.html ?

I'm really lost, I've had other indices created in ElasticSearch before from Logstash so I'm not sure if its an ES problem or not.

Any help is appreciated, I am a real newbie to all this stuff. Thanks.

What do the Filebeat logs show?

Yes, please post the Filebeat logs from start up through the first 10 seconds or so. It might help to run Filebeat with logging.level: debug set in your filebeat.yml so we can see debug-level logs.

You can also try to temporarily use output.console instead of output.elasticsearch to check if Filebeat is ingesting your logs and the problem is somewhere between Filebeat and Elasticsearch or with indexing your logs as documents into Elasticsearch.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.