Hi, I've been struggling with this for a few days and no luck. As the title suggests, my self-hsoted app search is not displaying any API logs and the analytics are empty!
The data is definitely being stored somewhere, as Kibana is able to display stuff from filebeat when I make a search via the api but it doesn't show in my App Search UI. I am using the PHP client to make API calls. Also, the analytics are empty.
I'm on enterprise-search v7.7. As far as I can tell everything is configured properly...but clearly something is not right.
Sorry you're having problems with analytics and api logs!
Here are a few things you could check to allow us to triage the issue better:
When you send your API requests, do you see new lines being added to the log/filebeat.log? Those should be long JSON-encoded structured log messages describing your API requests.
If you see it in the logs, can you check if there is a filebeat instance running next to the enterprise-search java process? (ps axuww | grep filebeat should do)
If filebeat is running, can you check (via Kibana) if you have indexes called something like .ent-search-api-ecs-ilm-logs-2020.11.24-000002 in your Elasticsearch cluster.
If logs indexes exist, can you check if the most recent records there match what you see in filebeat.log (the log file is split into different streams and they are indexed into different indexes, so you will need to check analytics indexes for analytics events and api-logs for api events).
If all of the above works and you still don't see the data in the App Search UI, then it may be a bug. In that case I'd recommend upgrading to the latest 7.x release (7.10.0 as of the time of this writing) and reporting back if the issue still occurs after the upgrade.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.