2
votes

I'm setting up Filebeat to send logs to Elasticsearch. This is my filebeat.yml:

filebeat.prospectors:
- type: log
  paths:
  - '/var/log/project/*.log'
  json.message_key: message

output.elasticsearch:
  hosts: ["localhost:9200"]

I have this file /var/log/project/test.log with this content:

{ "message": "This is a test" }

and I was expecting this log to be sent to Elasticsearch. Elasticsearch is running in a Docker container on localhost at 9200.

When I run Filebeat (Docker), no index is created in Elasticsearch. So, in Kibana, I don't see any data.

Why is that? Isn't Filebeat supposed to create the index automatically?

2 Answers

1
votes

Solved! I wasn't sharing the logs dir between the host and the Filebeat container, so there weren't any logs to send.

I added a volume when running Filebeat:

docker run -it -v $(pwd)/filebeat.yml:/usr/share/filebeat/filebeat.yml -v /var/log/project/:/var/log/project/ docker.elastic.co/beats/filebeat:6.4.0
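
A missing bind mount like this fails silently: Filebeat starts, finds no files matching its globs, and ships nothing. The following preflight check is an added example, not part of the original answer; the function names are hypothetical and the config-only mount used for the failing run is an assumption.

```shell
#!/bin/sh
# Added example: flag Filebeat log globs that no bind mount exposes.

# Print the globs listed under "paths:" in a Filebeat config.
# Assumption: plain "- 'glob'" list items, as in the question's config.
config_paths() {
  awk '
    /^[ \t]*paths:[ \t]*$/ { in_paths = 1; next }
    in_paths && /^[ \t]*-[ \t]/ { sub(/^[ \t]*-[ \t]*/, ""); print; next }
    { in_paths = 0 }
  ' "$1" | tr -d "\"'"
}

# Print each configured glob whose directory is not under the container
# side of any "host:container[:opts]" mount given after the config file.
uncovered_paths() {
  up_cfg=$1; shift
  config_paths "$up_cfg" | while IFS= read -r up_glob; do
    up_dir=${up_glob%/*}          # directory part of the glob
    up_ok=no
    for up_mount in "$@"; do
      up_target=${up_mount#*:}    # drop the host side
      up_target=${up_target%%:*}  # drop options such as :ro
      up_target=${up_target%/}    # ignore a trailing slash
      case "$up_dir/" in
        "$up_target"/*) up_ok=yes ;;
      esac
    done
    [ "$up_ok" = yes ] || printf '%s\n' "$up_glob"
  done
}

# Constructed sample: the prospector section of the question's config.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
filebeat.prospectors:
- type: log
  paths:
  - '/var/log/project/*.log'
  json.message_key: message
EOF

cfg_mount="$PWD/filebeat.yml:/usr/share/filebeat/filebeat.yml"
log_mount="/var/log/project/:/var/log/project/"
echo "config mount only: $(uncovered_paths "$sample_cfg" "$cfg_mount")"
echo "with log mount:    $(uncovered_paths "$sample_cfg" "$cfg_mount" "$log_mount")"
```

Any glob it prints is a log source the container cannot read, so it is worth running before `docker run` wherever those logs feed monitoring or alerting.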

0
votes

You can create the index as below:

output.elasticsearch:
  hosts: ["localhost:9200"]
  index: "test-%{+yyyy.MM.dd}"