Not seeing the logs data in Kibana


(Narasimha Gajje) #1

Hi All,

I am a newbie to ElasticSearch and Kibana. I had set up the configuration as FileBeat --> ElasticSearch --> Kibana.
All 3 instances started properly. I pointed FileBeat to a log file in one of the folders and can see Filebeat pushing the events to ElasticSearch. I can see indices created in ElasticSearch with the REST API /indices with some random name filebeat*..

But I am not finding the logs in Kibana when I try to discover them. I am confused about where it went wrong.
Sample log entries are below.

{"name:jonson","type":"employee","state":"AZ"}
{"name:jonson","type":"employee","state":"AZ"}
{"name:jonson","type":"employee","state":"AZ"}
{"name:jonson","type":"employee","state":"AZ"}

I read in some of the ElasticSearch documentation that I need to create some data mappings and indexes.
Would someone please advise?


(poojagupta) #2

Hi,

Firstly, check the index names in your Elasticsearch which are used for fetching the data in Kibana,
because Kibana creates the index using the same name as the indices in Elasticsearch.

Check the settings in Kibana for the index option. It should be marked as "" (for fetching any type of data).
Also, while creating the index in Kibana, mention the pattern as "filebeat-" as your index names will have the filebeat prefix.

Also, if the problem still exists, please send the error on the Kibana page which you are facing.


(Narasimha Gajje) #3

Thanks Pooja for your response. I followed the steps that you mentioned and I can see the logs in Kibana.

Would you please clarify the below?

  1. Is it mandatory to create data mappings for the data that we want to push?
  2. What should I do if I want to create an index with a meaningful name?

The other issue is, I am not seeing the fields (name/employee/state) when I select terms for the x-axis/y-axis while trying to create a bar chart.


(poojagupta) #4

Hi @Narasimha_Gajje

Is it mandatory to create data mappings for the data that we want to push?
Yes, we have to make a setting for fetching any data that we want to push. If your data name is abc-xx then you have to mention that prefix while creating an index for the same; after that it will fetch all data related to that index.

What should I do if I want to create an index with a meaningful name?
You should mention some meaningful name for better understanding and also to remember the data. As I said earlier, if your indices are named "filebeat-xxx" then you should mention the prefix "filebeat."
For creating your own index there is no rule for the naming convention, but remember one point: the index name in Elasticsearch and Kibana should be the same.

The other issue is, I am not seeing the fields (name/employee/state) when I select terms for the x-axis/y-axis while trying to create a bar chart.

For this, can you please share a screenshot of your visualization chart and the error you are facing?


(SasidharReddy) #5

Mappings: not mandatory, but useful in most cases and recommended. If you create a mapping with field name and proper data type, you would be able to store a number as a number instead of a string by default. It will help in visualizations as well.

Index name: if you send data to ElasticSearch from Logstash, you need to set the index name in the output section. If you are sending directly from Beats, you can still set the index name the way you want.
For example, if you need to configure Filebeat to send to ElasticSearch, please refer to the link below:
https://www.elastic.co/guide/en/beats/filebeat/master/elasticsearch-output.html

For Logstash:
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html

The guide is pretty much enough for most configurations.
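
An added example, not part of any post in this thread: a pre-flight check that decodes log lines as JSON and proposes an explicit mapping from the field types it finds, which is the point made above about storing a number as a number. The first line is the sample as posted in #1; the other lines, the `age` field, the function names, the choice of `keyword` for strings and the typeless mapping body (Elasticsearch 7 or later) are assumptions made for the example.

```python
import json

# Sample line exactly as posted in #1 (its first key/value pair is not valid JSON).
POSTED_LINE = '{"name:jonson","type":"employee","state":"AZ"}'
# Constructed lines (not from the thread): well-formed, with a hypothetical "age" field.
CONSTRUCTED_LINES = [
    '{"name":"jonson","type":"employee","state":"AZ","age":41}',
    '{"name":"smith","type":"contractor","state":"CA","age":"n/a"}',
]

def es_type(value):
    """Map a decoded JSON scalar to the field type chosen for this example."""
    if isinstance(value, bool):   # bool is a subclass of int, so test it first
        return "boolean"
    if isinstance(value, int):
        return "long"
    if isinstance(value, float):
        return "double"
    return "keyword"              # strings (flat documents only in this sketch)

def propose_mapping(lines):
    """Return (mapping_body, rejected_line_numbers, conflicting_fields)."""
    props, rejected, conflicts = {}, [], set()
    for number, line in enumerate(lines, 1):
        try:
            doc = json.loads(line)
        except json.JSONDecodeError:
            rejected.append(number)       # would not decode into separate fields
            continue
        if not isinstance(doc, dict):
            rejected.append(number)
            continue
        for field, value in doc.items():
            found = es_type(value)
            if props.setdefault(field, found) != found:
                conflicts.add(field)      # same field seen with two different types
                props[field] = "keyword"  # fall back to the type that accepts both
    # Assumption: typeless mapping body as accepted by Elasticsearch 7 or later.
    body = {"mappings": {"properties": {f: {"type": t} for f, t in sorted(props.items())}}}
    return body, rejected, sorted(conflicts)

if __name__ == "__main__":
    body, rejected, conflicts = propose_mapping([POSTED_LINE] + CONSTRUCTED_LINES)
    print(json.dumps(body, indent=2))
    print("rejected lines:", rejected, "| conflicting fields:", conflicts)
```

The reported conflict on `age` shows why an explicit mapping helps: a field that arrives sometimes as a number and sometimes as a string cannot be charted numerically until the source is made consistent.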

