elasticsearchfilebeatopensearch

Filebeat not creating index in Opensearch


I have installed Filebeat-oss 7.12.0 and opensearch-2.4.0 and opensearchDashboard-2.4.0 on Windows.

Every service is working fine. But index is not getting created in Opensearch dashboard. There is no error.

Logs are:

INFO    log/harvester.go:302    Harvester started for file: D:\data\logs.txt
2022-12-08T18:28:17.584+0530    INFO    [crawler]   beater/crawler.go:141   Starting input (ID: 16780016071726099597)
2022-12-08T18:28:17.585+0530    INFO    [crawler]   beater/crawler.go:108   Loading and starting Inputs completed. Enabled inputs: 2
2022-12-08T18:28:17.585+0530    INFO    cfgfile/reload.go:164   Config reloader started
2022-12-08T18:28:17.584+0530    INFO    [input.filestream]  compat/compat.go:111    Input filestream starting
2022-12-08T18:28:17.585+0530    INFO    cfgfile/reload.go:224   Loading of config files completed.
2022-12-08T18:28:20.428+0530    INFO    [add_cloud_metadata]    add_cloud_metadata/add_cloud_metadata.go:101    add_cloud_metadata: hosting provider type not detected.
2022-12-08T18:28:21.428+0530    INFO    [publisher_pipeline_output] pipeline/output.go:143  Connecting to backoff(elasticsearch(http://localhost:9200))
2022-12-08T18:28:21.428+0530    INFO    [publisher] pipeline/retry.go:219   retryer: send unwait signal to consumer
2022-12-08T18:28:21.428+0530    INFO    [publisher] pipeline/retry.go:223     done
2022-12-08T18:28:21.433+0530    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 2.4.0
2022-12-08T18:28:21.537+0530    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 2.4.0
2022-12-08T18:28:21.620+0530    INFO    template/load.go:117    Try loading template filebeat-7.12.0 to Elasticsearch

filebeat.yml is:

filebeat.inputs:

- type: log

  
  paths:
    - D:\data\*
    
- type: filestream
  
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - D:\data\*
    
# ============================== Filebeat modules ==============================

filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading
  reload.enabled: false
  
 # ======================= Elasticsearch template setting =======================

setup.template.settings:
  index.number_of_shards: 1
  
#============================== Kibana =====================================
setup.kibana:
  
  host: "localhost:5601"
  
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]
  
#================================ Processors =====================================

# Configure processors to enhance or manipulate events generated by the beat.

processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

I don't know what the problem is. No index is created in Opensearch dashboard with name filebeat-7.12.0.


Solution

  • @Android see my reply on this thread: https://stackoverflow.com/a/74984260/6101900.

    You cannot forward events from filebeat to opensearch since its not elasticsearch.