No filebeat index in Elasticsearch after running setup

stor314 · September 17, 2020, 5:51pm

New to filebeat, trying to get an index up and running in elasticsearch.

I followed this guide: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html but for some reason even after I run filebeat setup -e and start the Filebeat service there is no Filebeat index created in elasticsearch.

This is all on my local machine, filebeat.yml looks like the following:

filebeat.inputs:
- type: log
  paths:
    - C:/elk/logs/filebeatlog.log

output.elasticsearch:
  hosts: ["localhost:9200"]

Everything else is default.
in the log that I'm inputting there's only one line right now, something like

2020-09-14 13:19:35,067 INFO com.class.java.blahblah.blah [main] Text Text text

Didn't do any parsing on it or anything yet, is that my problem? Or is there certain priviledges I have to give filebeat like stated in this article: https://www.elastic.co/guide/en/beats/filebeat/master/privileges-to-publish-events.html ?

I'm really lost, I've had other indices created in ElasticSearch before from Logstash so I'm not sure if its an ES problem or not.

Any help is appreciated, I am a real newbie to all this stuff. Thanks.

warkolm · September 17, 2020, 10:12pm

What do the Filebeat logs show?

shaunak · September 17, 2020, 10:21pm

Yes, please post the Filebeat logs from start up through the first 10 seconds or so. It might help to run Filebeat with logging.level: debug set in your filebeat.yml so we can see debug-level logs.

You can also try to temporarily use output.console instead of output.elasticsearch to check if Filebeat is ingesting your logs and the problem is somewhere between Filebeat and Elasticsearch or with indexing your logs as documents into Elasticsearch.

system · October 16, 2020, 12:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.