./scripts/import_dashboards: No such file or directory

(charles) #1

I installed Filebeat 6 , i can find ./scripts/import_dashboards

please assist, only found

(Andrew Kroh) #2

See the Breaking Changes doc for 6.0. The Beat itself does the importing now.

(charles) #3

Thank you
Please send complete guide for ELK6
We have server for
1elastic search
2 kibana

Where should I install logstash beats(filebeat,packetbeat, backbeat)

(Andrew Kroh) #4

Each Beat has it's own set of documentation. You can have a look at the Getting Started section in each Beat's documentation. The docs are located here. You'll want to click the "other versions" link and select 6.0.0-beta2.

(charles) #5

Thanks, do I need to install the beats in the source server or in kibana /
elastic search server?

(Andrew Kroh) #6

You install the Beat on the server you want to monitor. It sends the data to Elasticsearch which is usually on a different server (but most people run them all on the same machine when they are getting started and learning).

(charles) #7

thank you

(charles) #8

my filebeat directory : /etc/filebeat/filebeat.yml

this commands

./filebeat setup -E "output.elasticsearch.username=elastic" -E "output.elasticsearch.password=changeme"

./filebeat setup -E "output.elasticsearch.username=elastic" -E "output.elasticsearch.password=changeme"
filebeat2017/09/19 08:00:25.187670 beat.go:629: CRIT Exiting: error loading config file: stat filebeat.yml: no such file or directory
Exiting: error loading config file: stat filebeat.yml: no such file or directory

CRIT Exiting: error loading config file: stat filebeat.yml: no such file or

(charles) #9

./filebeat setup -c /etc/filebeat/filebeat.yml "output.elasticsearch.username=elastic" -E "output.elasticsearch.password=changeme"
Exiting: Error loading Elasticsearch template: error creating template from file /usr/share/filebeat/bin/fields.yml: open /usr/share/filebeat/bin/fields.yml: no such file or directory

(Andrew Kroh) #10

How did you install Filebeat? Was it via RPM, deb, or tar.gz?

(charles) #11

yes i used RPM

(Andrew Kroh) #12

If it was via RPM or deb use /usr/bin/filebeat (or just filebeat since it's on your PATH) to execute Filebeat. This ensures that the path.* config options are set correctly.

filebeat setup -c /etc/filebeat/filebeat.yml -E "output.elasticsearch.username=elastic" -E "output.elasticsearch.password=changeme"

(charles) #13

Thank you very much
i manged to import dashboards for filebeat and metric beats

Packetbeat giving an error below:

packetbeat setup -c /etc/packetbeat/packetbeat.yml -E "output.elasticsearch.username=elastic" -E "output.elasticsearch.password=changeme"
Loaded index template
Exiting: Error importing Kibana dashboards: fail to create the Kibana loader: Error creating Kibana client: fail to get the Kibana version:HTTP GET request to /api/status fails: fail to execute the HTTP GET request: Get http://localhost:5601/api/status: dial tcp getsockopt: connection refused. Response: .

(charles) #14

it is ok

i added setup.kibana:
host: "myIP:5601"

(Andrew Kroh) #15

Is Kibana running locally? With ES and Kibana 6.x the dashboards are installed through an API in Kibana rather than writing directly to the .kibana index in Elasticsearch. This means Kibana needs to be up an running. If it's on a different host you can specify that using setup.kibana.host.

(charles) #16

Kibana - is running on its own VM
ES - on its own VM

Do i need to install below beats, ?


(charles) #17

Hi ,

please advice on the request below,

The generic error from instance:

Basically all errors appear in the x object, if it is empty and statuscode is 0 then it is successful.

"responseSeverity": "W" = warning
"responseSeverity": "S" = severe

We need to report on these variations in ELK and send a daily or weekly report by email/display on dashboard.

(Tudor Golubenco) #18

Sounds like you need to do parsing of the log messages. In the Elastic stack, we usually recommend Logstash's Grok filter for parsing.

(charles) #19

Thank you , do i need to use Logstash output instead?
how do i install Grok filter?
Does Grok Filter do alerts as well?

(charles) #20

i am getting this error

bin/logstash-plugin install logstash-filter-grok
OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
URI::InvalidURIError: bad URI(is not URI?):
split at /usr/share/logstash/vendor/jruby/lib/ruby/1.9/uri/common.rb:176
parse at /usr/share/logstash/vendor/jruby/lib/ruby/1.9/uri/common.rb:210
parse at /usr/share/logstash/vendor/jruby/lib/ruby/1.9/uri/common.rb:747
URI at /usr/share/logstash/vendor/jruby/lib/ruby/1.9/uri/common.rb:994
extract_proxy_values_from_uri at /usr/share/logstash/lib/pluginmanager/proxy_support.rb:47
configure_proxy at /usr/share/logstash/lib/pluginmanager/proxy_support.rb:69
(root) at /usr/share/logstash/lib/pluginmanager/main.rb:26