Unable to fetch the indices in Kibana. Option greyed out

Sushma · December 22, 2016, 10:27am

Hi,

I installed Kibana-4.6.1 on windows server std 2012. Also successfully installed elasticsearch,logstash,filebeat,packetbeat. After installation I could open the kibana url through browser but could not fetch the index. I get a grayed button and could not create any index. I tried entering logstash-* , filebeat-* (after inputting the data ), still the grayed button does not disapper. Please help!

Thanks & Regards,
Sushma.

tylersmalley · December 22, 2016, 4:26pm

This probably means that there is no data in Elasticsearch. Have you configured logstash/filebeat/etc to point to your Elasticsearch instance?

You can inspect the indexes which exist by using the cat API: http://localhost:9200/_cat/indices

Sushma · December 23, 2016, 5:56am

Hi Smalley,

The result to URL http://localhost:9200/_cat/indices is

yellow open .kibana 1 1 1 0 3.1kb 3.1kb

Below is my logstash.json file:

input {
beats {
port => 5044
type => "log"
}
}
filter {
mutate {
strip => "message"
}

grok {
	match => { "message" => "%{NUMBER:head:int} \- \{%{NUMBER:pid:int}\} \[%{NUMBER:unixTime:float}\] %{GREEDYDATA:logdata}" }
}

#if "path" =~ ".+test.+" {
	if [logdata] =~ "^incentiveFetch beginning.+" {
		mutate {
			add_tag => [ "start_tag" ]
		}
	}
	
	if [logdata] =~ "^Done.+incentiveFetch.+" {
		mutate {
			add_tag => [ "end_tag" ]
		}
	}
#}

if [logdata] =~ "^msg.+" {
	grok {
		match => { logdata => "msg execution time \= %{NUMBER:execTime:float}" }
	}
}

date {
	match => [ "unixTime", "UNIX" ]
}

output {
elasticsearch {
hosts => "153.71.95.131:9200"
index => ["ams3"]
}

file { path => "C:\ElK-Stack\logstash\debug\out2.log" }
}

Note: 153.71.95.131 is my VM IP. In the json file I configured to send the output to elasticsearch.

And below are the changes that I made to the default filebeat.yml file:

Indexing of logs from my device.
#- /var/log/*.log
#- C:\inetpub\logs\LogFiles**
- E:\logs\AMS\test3
- E:\logs\AMS\test3_2

Specified logstash as output:

The Logstash hosts

hosts: ["153.71.95.131:5044"]

Let me know what all changes I am missing.

Thanks & Regards,
Sushma.

ppisljar · December 23, 2016, 1:00pm

what does the logstash output say ? (you could try to add rubydebug output to your logstash.conf to see whats happening)

output {
#  stdout { codec => rubydebug { metadata => true } }
  stdout { codec => dots }
  elasticsearch { .... }
}

Sushma · December 29, 2016, 8:15am

Hi,

As said, I removed the following lines:

output {
elasticsearch {
hosts => "153.71.95.131:9200"
index => ["ams3"]
}

from my existing logstash.json file and added the lines that you have specified.

Restarted the elastic-search service for the changes to take into effect.

Once done opened the Kibana page to create index, still unsuccessful. Think that my logstash is not working or

some files missing. Please check. Let me know if you need any more information.

Thanks & Regards,
Sushma.

ppisljar · December 29, 2016, 10:49am

you should not remove those lines .... now logstash is not sending to es at all .... you should jsut add additional output so you can see whats going on.

output {
  stdout { codec => rubydebug { metadata => true } }
  elasticsearch {
    hosts => "153.71.95.131:9200"
    index => ["ams3"]
  }
}

Sushma · December 29, 2016, 11:58am

Hi,

Did the same as mentioned, after which restarted the elastic search service. Still it does not show up anything.

Thanks & Regards,
Sushma.

Sushma · December 30, 2016, 5:45am

Hi,

Any update please? I could not proceed further. I am pretty sure that there is some problem with my logstash configuration, because of which it is not working, but where and how to resolve is I could not get it.
Request anyone to help.

Thanks & Regards,
Sushma.

ppisljar · December 30, 2016, 6:54am

what was the output of logstash ? did it say everything is OK ? did the records look ok ?

whats the response of curl http://localhost:9200/_cat/indices ?

Sushma · December 30, 2016, 7:00am

Hi,

The response is same:

yellow open .kibana 1 1 1 0 3.1kb 3.1kb

Thanks & Regards,
Sushma.

ppisljar · December 30, 2016, 7:47am

and some logstash output ?

Sushma · December 30, 2016, 8:09am

Hi,

No logstash output. The result to URL http://localhost:9200/_cat/indices is yellow open .kibana 1 1 1 0 3.1kb 3.1kb

The result to curl http://localhost:9200/_cat/indices is:

PS C:\Elk-Stack\logstash\bin> curl http://153.71.95.131:9200/_cat/indices

StatusCode : 200
StatusDescription : OK
Content : yellow open .kibana 1 1 1 0 3.1kb 3.1kb

RawContent : HTTP/1.1 200 OK
Content-Length: 41
Content-Type: text/plain; charset=UTF-8

                yellow open .kibana 1 1 1 0 3.1kb 3.1kb

Forms : {}
Headers : {[Content-Length, 41], [Content-Type, text/plain; charset=UTF-8]}
Images : {}
InputFields : {}
Links : {}
ParsedHtml : System.__ComObject
RawContentLength : 41

Sushma · January 3, 2017, 5:33am

Hi,

Any update please?

Thanks & Regards,
Sushma.

system · January 31, 2017, 5:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.