Unable to create a Kibana Index pattern

Maria_Elle · January 23, 2021, 8:03pm

I am using an Ubuntu machine, and I have just finished downloading all of ELK onto it, I now want to create a Kibana Index pattern with Filebeat but it is not allowing me to do so. How can I fix this issue or find out why it's happening? Thank you!

.

LizaD · January 23, 2021, 9:39pm

Hi @Maria_Elle,

Can you check to see filebeat is running and connected successfully to elasticsearch?

Thanks,
Liza

Maria_Elle · January 23, 2021, 9:55pm

Hi, I checked the status of filbeat, as shown in the screenshot below, it seems like it is running.

Thank you for helping.

elasticforme · January 23, 2021, 10:21pm

These does not mean data is being reach to elastic cluster and saved as index. this means daemon filebeat is running.

what is your filebeat.yml file on output section. are you directly sending to elk node?

Maria_Elle · January 23, 2021, 10:40pm

Okay I understand, I am very new to ELK and currently trying to learn how to input a log file into Elasticsearch.

Right now this is what my filebeat.yml looks like for output. Do I need to configure it another way so it is communicating correctly to Elasticsearch?

Thank you so much for your help!

elasticforme · January 23, 2021, 10:52pm

do you have setup any kind of login in to kibana/elk? if yes you have to enable
username
password

default login is elastic:changeme

run this from your command line

curl -XGET localhost:9200/_cluster/health?pretty

{
"cluster_name" : "mycluster-1",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 21,
"active_shards" : 40,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}

then it is without password.
if you need password you do

curl -u elastic:changeme localhost:9200/_cluster/health?pretty

Maria_Elle · January 23, 2021, 11:13pm

I do believe I have a username and a password that I created before when I was installing nginx. I used this command, changed the username at the end and entered a password when it prompted me to. sudo htpasswd -c /etc/nginx/htpasswd.users kibanaadmin

Below is the output of the first command you suggested. How can I enable the username/password?

Again, thank you very much for the help!

elasticforme · January 24, 2021, 1:19am

Don't worry about usename/password. first get your cluster up in green make sure you can connect from kibana and then concentrate on putting data in it.

it looks like it cluster is up but it is in yellow stat as you have one unassigned shards

run this
curl -XGET localhost:9200/_cat/shards?pretty
see one shard it is complaining about.

Maria_Elle · January 24, 2021, 1:54am

I ran the command and this was the output, I don't quite know what it means.

Thank you for your help, I appreciate it!

elasticforme · January 25, 2021, 2:38pm

you can delete this index. restart your elastic stack and it will create new index. which version of ELK is this? this looks older version ( from logo)

curl -XDELETE localhost:9200/.kibana

Restart cluster
check it status.

Topic		Replies	Views
Not able to see filebeat-* index pattern in kibana Kibana	9	1299	May 17, 2018
Filebeat index pattern Beats filebeat	7	1951	June 22, 2017
Unable to create filebeat-* index pattern in kibana 7.11 after running filebeat Kibana	18	1611	March 20, 2021
Kibana unable to load index in Elasticsearch Kibana	9	3127	May 4, 2020
How to create filebeat index pattern in kibana? Kibana	3	1989	February 8, 2017

Unable to create a Kibana Index pattern

Related topics