Hello everyone!
Just installed ELK. I installed Filebeat on the server itself and on another machine.

I loaded the index template like this, following the "If the host running" instructions, since in my case I'm not able to connect directly to Elasticsearch. Filebeat sends its data to Logstash, which then passes it on to Elasticsearch:

filebeat export template > filebeat.template.json
curl -XPUT -H 'Content-Type: application/json' localhost:9200/_template/filebeat-6.4.2 -d@filebeat.template.json


I loaded the dashboards themselves like this:

filebeat setup -e \
  -E output.logstash.enabled=false \
  -E output.elasticsearch.hosts=['localhost:9200'] \
  -E setup.kibana.host=elk.mydomain.ru:5601


On the server I enabled Filebeat's system module; on the other machine, system and mysql.
Started Filebeat on both machines.
Discover shows incoming data, but the trouble is that the Dashboard shows something like
Could not locate that index-pattern-field(id: system.syslog.hostname)




How to win, comrades? Reading the documentation hasn't helped yet.

Configs:

Filebeat

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 3

setup.kibana:
  host: "elk.mydomain.ru:5601"

output.logstash:
  # The Logstash hosts
  hosts: ["elk.mydomain.ru:5044"]


Logstash

input {
      beats {
        port=>5044
      }
}

output {
      elasticsearch {
        hosts=>["localhost:9200"]
        sniffing=>true
        manage_template=>false
        index=>"%{[@metadata][beat]}-%{+YYYY.MM.dd}"
        document_type=>"doc"
      }
}
  • Maybe you need to tinker here? https://i.imgur.com/2Th1UeD.png – Shy46 Oct 18 '18 at 16:36
  • Shy46, I have some indexes there, just from filebeat. But for some reason they are not enough. – Monty84 Oct 18 '18 at 16:43
  • Something tells me that the data you have is in the Filebeat index, and not in syllables.
    In theory, as soon as you get logs from applications or from somewhere, you can create an index pattern.
    – Inbred Crystal Oct 18 '18 at 18:52
  • Inbred Crystal, could you go into more detail? Data is coming in all the time; I see it in Discover. How do I check whether it goes into the file index or syllables? – Monty84 Oct 19 '18 at 09:02
  • Monty84, I meant that the data can be system data, which Filebeat or another system also writes to ELK. Well, since you say that you are getting the correct data...
    Can you show which index patterns you have created? Where did this dashboard come from? Have you tried creating a visualization based on the data?
    – Inbred Crystal Oct 19 '18 at 09:06
  • Inbred Crystal,
    These are the indices:
    curl -l localhost:9200/_aliases?pretty
    {
    ".kibana": {
    "aliases": {}
    },
    "filebeat-2018.10.19": {
    "aliases": {}
    }
    }


    All dashboards are the standard ones, from the Filebeat package itself. I did not try creating a visualization.
    – Monty84 Oct 19 '18 at 10:17

1 Answer

In the end I solved it simply. Removed the visualizations, dashboards, and template. Commented out Logstash in the config and specified Elasticsearch.

Run
filebeat setup

It installed the pattern, the dashboards, and everything else that is needed. Uncommented Logstash, commented out Elasticsearch, started Filebeat. Works.

It seems that
-E output.logstash.enabled=false \
-E output.elasticsearch.hosts=['localhost:9200']

are not processed properly.
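
The "Could not locate that index-pattern-field" error from the question can be narrowed down by comparing the fields in the exported template with the fields stored in the Kibana index pattern. The sketch below is an added example, not part of the original post; the sample template, index-pattern document and required-field list are constructed, and it assumes the 6.x layout in which mappings sit under the `doc` type and the index pattern's `attributes.fields` is a JSON-encoded string.

```python
import json

def mapping_fields(properties, prefix=""):
    """Flatten an Elasticsearch mapping 'properties' tree into dotted field names."""
    names = set()
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:                 # object field: recurse
            names |= mapping_fields(spec["properties"], path + ".")
        else:
            names.add(path)
            for sub in spec.get("fields", {}):   # multi-fields such as x.keyword
                names.add(f"{path}.{sub}")
    return names

def pattern_fields(saved_object):
    """Field names a Kibana index pattern knows (attributes.fields is a JSON string)."""
    return {f["name"] for f in json.loads(saved_object["attributes"]["fields"])}

def missing_fields(required, template, saved_object, doc_type="doc"):
    """Report required fields the index pattern lacks, and whether the template has them."""
    in_template = mapping_fields(template["mappings"][doc_type]["properties"])
    in_pattern = pattern_fields(saved_object)
    return {f: {"template": f in in_template, "index_pattern": False}
            for f in required if f not in in_pattern}

# Constructed sample: a cut-down template in the shape of `filebeat export template`
TEMPLATE = {"mappings": {"doc": {"properties": {
    "@timestamp": {"type": "date"},
    "message": {"type": "text"},
    "system": {"properties": {"syslog": {"properties": {
        "hostname": {"type": "keyword"},
        "program": {"type": "keyword"}}}}},
}}}}

# Constructed sample: an index-pattern saved object that lacks the module fields
PATTERN = {"attributes": {"title": "filebeat-*", "fields": json.dumps([
    {"name": "@timestamp", "type": "date"},
    {"name": "message", "type": "string"},
])}}

# Fields the dashboards need (hypothetical list; the first is from the error above)
REQUIRED = ["system.syslog.hostname", "message"]

if __name__ == "__main__":
    for field, state in missing_fields(REQUIRED, TEMPLATE, PATTERN).items():
        print(f"{field}: in template={state['template']}, in index pattern=False")
```

A field that is present in the template but absent from the index pattern points at a stale or incompletely loaded index pattern, which is the object that re-running filebeat setup replaced in the answer above.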