filebeat-es index template not correctly installed in demo

[dolbyvista]

Hello,

I am having an issue starting the demo script (run.sh) to setup the filebeat-es index template:

** ensuring filebeat-es index template is correctly installed .. curl: (22) The requested URL returned error: 404 Not Found the 404 will repeat indefinitely.

Did I do something wrong? I am using latest Ubuntu, docker and docker compose installed. I tried using the wlp2s0 and docker0 adapter and the IPs the script gave me (only one option in each case).

[mmta]

That step runs the following command:

$ docker exec filebeat-es /usr/share/filebeat/filebeat setup --index-management
Overwriting ILM policy is disabled. Set `setup.ilm.overwrite: true` for enabling.

Index setup finished.

The script then checks the result of the above by making sure that there's filebeat index template created in ES:

$ curl -fsS 'localhost:9200/_template/filebeat*' | grep -q dsiem

$ echo $?
0

Maybe you can try the above command during the 404 loop to see what's going on? And you can also see the console output of the filebeat-es image by:

$ docker logs filebeat-es -f

If the filebeat setup command completes successfully but curl still fails, maybe try to increase the sleep time here: https://github.com/defenxor/dsiem/blob/1a608a0b7abd3af2972060ac362ed899260eadc8/demo/run.sh#L155

[A00279521]

I have similar problem. I tried the solution above by increasing the sleep time but no luck. I can't access the log file because I have to abort the process and once that's done the container are removed. Please let me know how you were able solve this

[A00279521]

I have it done