2 nodes logstash

1 logstash works fine

2 logstash, wrong view in kibana

Welcome to our community!

It's not clear what your problem is, sorry. Can you elaborate?

I see a "Node:1" in the "Nodes" tab, but should see "Nodes:2"
probably

refreshing the page

I see either the first or the second node


How are you monitoring Logstash?

What does the logstash.yml of each server look like? Please share it.

Can you please format your posts using the Preformatted text button, the </> button? It is really hard to understand your configurations without it.

Or put the configuration files between three single quotes, like this:

```
configuration
```

Also, you didn't share the logstash.yml of your nodes.

logstash node1 logstash
/etc/logstash/conf.d/logstash-sample.conf

```
input {
        beats {
                port => 5044
                id => "beats-id_telk-logstash"
        }
}

filter {

        if "pole" in [tags] {
                grok {
                        match => { "message" => ["%{NUMBER:UPID}\|%{TIME:LOGTIME}\|\s*%{GREEDYDATA:Services}\|%{GREEDYDATA:Message}"] }
                }
        }
}


output {
        elasticsearch {
                hosts => ["https://172.22.189.188:9200"]
                id => "elastic-id_telk-logstash"
                #index => "test-servers-%{+YYYY.MM.dd}"
                user => "elastic"
                password => "7QWyjr7Hr=8Rbo_rtg*C"
                ssl => true
                cacert => "/etc/logstash/http_ca.crt"
        }
}
```

logstash node1 pipelines
/etc/logstash/pipelines.yml

```
- pipeline.id: pipeline-telk-logstash
  path.config: "/etc/logstash/conf.d/*.conf"
```

logstash node1 metricbeat
/etc/metricbeat/modules.d/logstash-xpack.yml

```
- module: logstash
  xpack.enabled: true
  period: 10s
  hosts: ["localhost:9600"]
  #username: "user"
  #password: "secret"
  metricsets: ["node", "node_stats"]
  period: 10s
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/metricbeat/http_ca.crt"]
```

logstash node2 logstash
/etc/logstash/conf.d/logstash-sample.conf

```
input {
        beats {
                port => 5044
                id => "beats-id_telk-logstash2"
        }
}

filter {

        if "pole" in [tags] {
                grok {
                        match => { "message" => ["%{NUMBER:UPID}\|%{TIME:LOGTIME}\|\s*%{GREEDYDATA:Services}\|%{GREEDYDATA:Message}"] }
                }
        }
}


output {
        elasticsearch {
                hosts => ["https://172.22.189.188:9200"]
                id => "elastic-id_telk-logstash2"
                #index => "test-servers-%{+YYYY.MM.dd}"
                user => "elastic"
                password => "7QWyjr7Hr=8Rbo_rtg*C"
                ssl => true
                cacert => "/etc/logstash/http_ca.crt"
        }
}
```

logstash node2 pipelines
/etc/logstash/pipelines.yml

```
- pipeline.id: pipeline-telk-logstash2
  path.config: "/etc/logstash/conf.d/*.conf"
```

logstash node2 metricbeat
/etc/metricbeat/modules.d/logstash-xpack.yml

```
- module: logstash
  xpack.enabled: true
  period: 10s
  hosts: ["localhost:9600"]
  #username: "user"
  #password: "secret"
  metricsets: ["node", "node_stats"]
  period: 10s
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/metricbeat/http_ca.crt"]
```

formatted

The logstash.yml is still missing, the one in /etc/logstash.

You need to share the file of both of your nodes.

telk-logstash1

```
telk-logstash1: cat /etc/logstash/logstash.yml |grep -v '#'
path.data: /var/lib/logstash
path.logs: /var/log/logstash
```

telk-logstash2

```
telk-logstash2: cat /etc/logstash/logstash.yml |grep -v '#'
path.data: /var/lib/logstash
path.logs: /var/log/logstash
```

shared
