I am using an Ubuntu machine, and I have just finished downloading all of ELK onto it. I now want to create a Kibana index pattern with Filebeat, but it is not allowing me to do so. How can I fix this issue or find out why it's happening? Thank you!
Can you check to see whether Filebeat is running and connected successfully to Elasticsearch?
Hi, I checked the status of Filebeat. As shown in the screenshot below, it seems like it is running.
Thank you for helping.
This does not mean data is reaching the Elastic cluster and being saved as an index. This means the Filebeat daemon is running.
What is in the output section of your filebeat.yml file? Are you sending directly to the ELK node?
Okay I understand, I am very new to ELK and currently trying to learn how to input a log file into Elasticsearch.
Right now this is what my filebeat.yml looks like for output. Do I need to configure it another way so it is communicating correctly to Elasticsearch?
Thank you so much for your help!
Have you set up any kind of login for Kibana/ELK? If yes, you have to enable
The default login is elastic:changeme
Run this from your command line:
curl -XGET localhost:9200/_cluster/health?pretty
"cluster_name" : "mycluster-1",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 21,
"active_shards" : 40,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
Then it is without a password.
If you need a password, you do:
curl -u elastic:changeme localhost:9200/_cluster/health?pretty
I do believe I have a username and a password that I created before when I was installing nginx. I used this command, changed the username at the end and entered a password when it prompted me to.
sudo htpasswd -c /etc/nginx/htpasswd.users kibanaadmin
Below is the output of the first command you suggested. How can I enable the username/password?
Again, thank you very much for the help!
Don't worry about the username/password. First get your cluster up in green, make sure you can connect from Kibana, and then concentrate on putting data in it.
It looks like the cluster is up, but it is in yellow state as you have one unassigned shard.
curl -XGET localhost:9200/_cat/shards?pretty
See the one shard it is complaining about.
I ran the command and this was the output. I don't quite know what it means.
Thank you for your help, I appreciate it!
You can delete this index. Restart your Elastic Stack and it will create a new index. Which version of ELK is this? This looks like an older version (from the logo).
curl -XDELETE localhost:9200/.kibana
Check its status.
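
An added example, not part of the thread above: one way to read `_cat/shards` output and see why a cluster reports yellow. The sample lines are constructed (default column order assumed: index, shard, prirep, state, docs, store, ip, node), and the function names are hypothetical. The colour rule is a simplification of how Elasticsearch derives cluster health.

```shell
#!/usr/bin/env bash
# Constructed sample of `_cat/shards` output; not taken from the thread.
# On a single-node cluster a replica cannot be placed on the node that
# already holds its primary, so it stays UNASSIGNED.
SAMPLE_SHARDS='.kibana             0 p STARTED    1  3.1kb 127.0.0.1 node-1
.kibana             0 r UNASSIGNED
filebeat-2018.01.01 0 p STARTED  120 85.2kb 127.0.0.1 node-1'

# Print "index shard prirep" for every shard not assigned to any node.
unassigned_shards() {
  awk '$4 == "UNASSIGNED" { print $1, $2, $3 }'
}

# Derive the health colour from shard states:
#   red    = at least one primary (p) is not active
#   yellow = all primaries active, at least one replica (r) is not
#   green  = every shard is active (STARTED or RELOCATING)
health_from_shards() {
  awk '
    $4 != "STARTED" && $4 != "RELOCATING" {
      if ($3 == "p") red = 1; else yellow = 1
    }
    END { print (red ? "red" : (yellow ? "yellow" : "green")) }
  '
}

printf '%s\n' "$SAMPLE_SHARDS" | unassigned_shards
printf '%s\n' "$SAMPLE_SHARDS" | health_from_shards

# Against a live node, using the same endpoint as in the thread:
#   curl -s 'localhost:9200/_cat/shards' | unassigned_shards
```

A yellow result caused only by replica (`r`) rows means the primaries, and therefore the data, are still available.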