I'm using the 14 day Elastic Cloud free trial and I'm trying to monitor a remote server using Kibana + Topbeat.
Since the Topbeat dashboard was not included by default in Kibana, I loaded them in using the official guide: https://www.elastic.co/guide/en/beats/libbeat/1.2/load-kibana-dashboards.html
Also, as per official Topbeat guide, I uploaded the Topbeat template as described here: https://www.elastic.co/guide/en/beats/topbeat/current/topbeat-template.html
I installed and configured Topbeat service on a server running Windows Server 2008 R2. In the 'topbeat.yml' file the index name is left as default (topbeat) and default template path.
After all these steps I expected to see the Topbeat dashboard in Kibana showing information about my server but I receive the following error when loading the dashboard:
Visualize: [index_not_found_exception] no such index, with: {"index":"[topbeat-*]"}
If I run Topbeat from the command line I see the following logs:
PS D:\topbeat> .\topbeat.exe -c topbeat.yml -e -v - d "*"
2016/08/25 14:55:35.392800 geolite.go:24: INFO GeoIP disabled: No paths were set under output.geoip.paths
2016/08/25 14:55:35.513800 outputs.go:126: INFO Activated elasticsearch as output plugin.
2016/08/25 14:55:35.515800 publish.go:288: INFO Publisher name: M20-EREGION
2016/08/25 14:55:35.526800 async.go:78: INFO Flush Interval set to: 1s
2016/08/25 14:55:35.528800 async.go:84: INFO Max Bulk Size set to: 50
2016/08/25 14:55:35.529800 beat.go:147: INFO Init Beat: topbeat; Version: 1.2.3
2016/08/25 14:55:35.532800 beat.go:173: INFO topbeat sucessfully setup. Start running.
2016/08/25 14:55:59.548800 single.go:126: INFO Connecting error publishing events (retrying): 404 Not Found
2016/08/25 14:55:59.549800 single.go:152: INFO send fail
2016/08/25 14:55:59.550800 single.go:159: INFO backoff retry: 1s
2016/08/25 14:56:00.566800 single.go:126: INFO Connecting error publishing events (retrying): 404 Not Found
2016/08/25 14:56:00.567800 single.go:152: INFO send fail
2016/08/25 14:56:00.567800 single.go:159: INFO backoff retry: 2s
2016/08/25 14:56:02.584800 single.go:126: INFO Connecting error publishing events (retrying): 404 Not Found
The topbeat.yml is configured to use the free trial cloud Elastic Search endpoint and the user/pass that I created it. I also tried specifing the elasticsearch host with http, https and no protocol altogheter and the result was the same.
Clearly, the Topbeat index is not defined in Kibana but I don't know why.
Can anyone help?
The protocol line was commented, I uncommented it but still the same errors.
This is what the elasticsearch section in my topbeat.yml config file looks like now:
The elasticsearch host URL is the one specified in the Elastic Cloud Endpoints section.
The user I used is a user I created with the role admin. It is the same user that I successfully used for the basic auth when I uploaded the topbeat template and kibana dashboards.
That looks good to me. Could you post the whole config so I can make sure the indentation is correct everywhere. Also, here is my complete config and sample log output for comparison.
One notable change from yours is that I have uncommented the template name field. I think this is required, but not represented correctly in the docs (I opened an issue).
Notice in my logs (from version 1.2.3) there is debug indicating that it's communicating successfully to the ES server ("Ping status code: 200"). It seems odd that those lines are missing from yours.
2016/08/30 16:30:53.524582 beat.go:135: DBG Initializing output plugins
2016/08/30 16:30:53.524624 geolite.go:24: INFO GeoIP disabled: No paths were set under output.geoip.paths
2016/08/30 16:30:53.524718 client.go:297: DBG ES Ping(url=https://1111111111222222233333333333.us-east-1.aws.found.io:9243, timeout=1m30s)
2016/08/30 16:30:54.180677 client.go:306: DBG Ping status code: 200
2016/08/30 16:30:54.180708 output.go:164: INFO Loading template enabled. Trying to load template: topbeat.template.json
2016/08/30 16:30:54.180722 client.go:325: DBG HEAD https://1111111111222222233333333333.us-east-1.aws.found.io:9243/_template/topbeat <nil>
2016/08/30 16:30:54.203231 output.go:188: INFO Template already exists and will not be overwritten.
2016/08/30 16:30:54.203257 outputs.go:126: INFO Activated elasticsearch as output plugin.
2016/08/30 16:30:54.203281 publish.go:232: DBG Create output worker
2016/08/30 16:30:54.203321 publish.go:274: DBG No output is defined to store the topology. The server fields might not be filled.
2016/08/30 16:30:54.203364 publish.go:288: INFO Publisher name: macbook13.data.sr.local.crowbird.com
2016/08/30 16:30:54.203548 async.go:78: INFO Flush Interval set to: 1s
2016/08/30 16:30:54.203564 async.go:84: INFO Max Bulk Size set to: 50
2016/08/30 16:30:54.203574 async.go:92: DBG create bulk processing worker (interval=1s, bulk size=50)
2016/08/30 16:30:54.203687 beat.go:147: INFO Init Beat: topbeat; Version: 1.2.3
2016/08/30 16:30:54.204366 topbeat.go:88: DBG Init topbeat
2016/08/30 16:30:54.204410 topbeat.go:89: DBG Follow processes [".*"]
2016/08/30 16:30:54.204424 topbeat.go:90: DBG Period 10s
2016/08/30 16:30:54.204434 topbeat.go:91: DBG System statistics true
2016/08/30 16:30:54.204443 topbeat.go:92: DBG Process statistics true
2016/08/30 16:30:54.204452 topbeat.go:93: DBG File system statistics true
2016/08/30 16:30:54.204461 topbeat.go:94: DBG Cpu usage per core false
2016/08/30 16:30:54.204588 beat.go:173: INFO topbeat sucessfully setup. Start running.
I re-installed Topbeat from the ground up using the official guide, this time on C: partition instead of D: and modified the yml file to match yours and it works! The logs show that is communicating successfully with ES server and I see the data from the server in Kibana.
Thank you for your help.
This thread may be closed.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
