I have a single server RKE cluster, with Rancher on top for testing. I then deployed elasticsearch and kibana using the helm charts to a namespace called elasticsearch.
I then install filebeat using the official elastic helm charts with something like this: helm install filebeat elastic/filebeat --namespace elasticsearch
Filebeat daemonset starts up, and turns green status, and I can see it is looking for logs in /var/log/containers/, but then when I go into Kibana and click "Index Management" there is no index created, and I would have expected one called filebeat-* or something like that.
I tried installing metricbeat using the same method, and it seems to work fine, with metric information going into an index called metricbeat-*
Is there some missing step you need to do if you are on an RKE/Rancher cluster?