OS? Windows 10.
Guide used? http://robwillis.info/2016/05/installing-elasticsearch-logstash-and-kibana-elk-on-windows-server-2012-r2/
Did I research before coming here? YES
Error? No matching indices found: No indices match pattern "filebeat-*" (found on Kibana)
Set up ELK stack with the beats: filebeat, metricbeat, packetbeat, and winlogbeat. Everything seems to be working except filebeat. All services are running. Here is a copy of my filebeat config, thank you very much for your assistance!
*PS - if you have any suggestions to implement, i am open minded. This is used on my personal, host computer for learning purposes.
#=========================== Filebeat prospectors =============================
filebeat.prospectors:
- type: log
enabled: true
paths:
#- /var/log/*.log
- C:\ProgramData\Elastic\Elasticsearch\logs\*
- C:\ProgramData\winlogbeat\logs\*
- C:\ProgramData\packetbeat\logs\*
- C:\ProgramData\metricbeat\logs\*
- C:\ProgramData\filebeat\logs\*
- C:\Snort\logs\*.logs\*
#exclude_lines: ['^DBG']
#include_lines: ['^ERR', '^WARN']
#exclude_files: ['.gz$']
#fields:
# level: debug
# review: 1
### Multiline options
#multiline.pattern: ^\[
#multiline.negate: false
#multiline.match: after
#============================= Filebeat modules ===============================
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
#reload.period: 10s
#==================== Elasticsearch template setting ==========================
setup.template.settings:
index.number_of_shards: 3
#index.codec: best_compression
#_source.enabled: false
#================================ General =====================================
#name:
#tags: ["service-X", "web-tier"]
#fields:
# env: staging
#============================== Dashboards =====================================
#setup.dashboards.enabled: false
#setup.dashboards.url:
#============================== Kibana =====================================
setup.kibana:
host: "localhost:5601"
#============================= Elastic Cloud ==================================
#cloud.id:
#cloud.auth:
#================================ Outputs =====================================
# Configure what output to use when sending the data collected by the beat.
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["localhost:9200"]
# Optional protocol and basic auth credentials.
#protocol: "https"
#username: "elastic"
#password: "changeme"
#----------------------------- Logstash output --------------------------------
#output.logstash:
# The Logstash hosts
#hosts: ["localhost:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
#================================ Logging =====================================
# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
#logging.level: debug
# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
# "publish", "service".
#logging.selectors: ["*"]
#============================== Xpack Monitoring ===============================
#xpack.monitoring.enabled: false
#xpack.monitoring.elasticsearch: