After installing Open Distro for Elasticsearch (see the Open Distro website for instructions), test it using:
curl -k -X GET 'https://localhost:9200' -u username:password
journalctl -u kibana.service
This shows the most recent 50 lines:
journalctl -u kibana.service -n 50
#=========================== Filebeat inputs =============================
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
- type: log
  # Change to true to enable this input configuration.
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*
    # - /var/log/nginx/*.log
sudo ntpdate 0.au.pool.ntp.org
Check the Filebeat config file using the command below:
sudo filebeat test config
1. Filebeat had issues even after the above config was right, so the workaround was:
Delete or rename the existing registry files (JSON) in /var/lib/filebeat/registry for DEB and RPM packages
c:for the Windows zip file
/var/lib/filebeat/registry
data.json and meta.json
In filebeat.yml, add this; otherwise Filebeat doesn't seem to connect to Elasticsearch. Once this is working, we can look at investigating SSL and certificates.
# Configure SSL verification mode. If `none` is configured, all server hosts
# and certificates will be accepted. In this mode, SSL based connections are
# susceptible to man-in-the-middle attacks. Use only for testing. Default is
# `full`.
ssl.verification_mode: none
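Once the connection works, the testing-only setting above can be replaced by pointing Filebeat at the CA that signed the Elasticsearch node certificate. This is an added example, not part of the original notes; the host, credentials and CA path are placeholders.

```yaml
# Added example, not from the original notes. The host, credentials and
# CA path are placeholders (assumptions); substitute your own values.
output.elasticsearch:
  hosts: ["localhost:9200"]
  protocol: "https"
  username: "username"
  password: "password"

  # Testing-only form from the notes: every server certificate is accepted,
  # so the connection can be intercepted. Remove it once the CA is in place.
  # ssl.verification_mode: none

  # Corrected form: trust only the CA that issued the node certificate.
  ssl.certificate_authorities: ["/etc/filebeat/certs/root-ca.pem"]

  # full (the default) checks the certificate chain and that the host name
  # in `hosts` matches the certificate. If the node certificate does not
  # list that host name, reissue the certificate rather than going back to
  # none; `certificate` mode checks the chain only and skips the host name.
  ssl.verification_mode: full
```

After the change, `sudo filebeat test output` reports whether the TLS handshake against the configured host succeeds.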
Check the status of the ES cluster:
sudo curl -k 'https://localhost:9200/_cluster/health?pretty' -u username:password
Check Kibana status:
curl -XGET http://localhost:5601/status -I
This finally helped in making Filebeat work:
sudo filebeat setup -e --dashboards --pipelines --template
In Kibana, to set up indices:
Create an index template using the Dev Console
Use the POST command
Create an index pattern