Héctor Valls
Reputation: 26084
Filebeat is not creating index in Elasticsearch
I'm setting up Filebeat to send logs to Elasticsearch. This is my filebeat.yml:
filebeat.prospectors:
- type: log
paths:
- '/var/log/project/*.log'
json.message_key: message
output.elasticsearch:
hosts: ["localhost:9200"]
I have this file /var/log/project/test.log with this content:
{ "message": "This is a test" }
and I was expecting this log to be sent to Elasticsearch. Elasticsearch is running in a Docker container in localhost at 9200.
When I run filebeat (Docker), no index is created in Elasticsearch. So, in Kibana, I don't see any data.
Why is that? Isn't supposed that Filebeat creates index automatically?
Upvotes: 3
Views: 3991
Answers (2)
Héctor Valls
Reputation: 26084
Solved! I wasn't sharing logs dir between host and Filebeat container, so there wasn't logs to send.
I added a volume when run Filebeat:
docker run -it -v $(pwd)/filebeat.yml:/usr/share/filebeat/filebeat.yml -v /var/log/project/:/var/log/project/ docker.elastic.co/beats/filebeat:6.4.0
Upvotes: 1
Govardhan Reddy
Reputation: 1
you can create index as below
output.elasticsearch:
hosts: ["localhost:9200"]
index: "test-%{+yyyy.MM.dd}"
Upvotes: 0
Related Questions
- FileBeat not sending data to ElasticSearch Kibana
- Connecting filebeat to elasticsearch
- filebeat is not creating index with my name
- Filebeat index is getting created but with 0 documents
- Filebeat 7.9.3 change index is not working and it always creates default filebeat-7.9.3-2020.11.04-000001
- Kibana Filebeat Index Pattern is not working
- Running Filebeat in windows
- Cannot get FileBeat to post to Elastic Search
- Using filebeat with elasticsearch
- filebeat index creation seems not working in elasticsearch