Beats behaviour

Igor_Dementyeff · June 5, 2016, 12:24pm

Hello all. I got a very strange problem with the Kibana and I honestly don't know where to search...
So the overview is this:
Kibana server with topbeat, packetbeat and filebeat running
Once in a day, or 2 days, filebeat stops showing any results in the dashboard I made.
Restart to Kibana and all 3 beats is not giving any solution, as also the removing and adding beats back to the index patterns
Under the /0/indices folder every beat got its own folder for today and 3 days back. Older folders are deleted by the cronjob every day
Kibana server is Linux, and it monitors the JBOSS linux servers. Filebeat is used for analysing the logs of JBOSS servers
Can someone please help me to solve the issue?

Thanks in advance
Igor

warkolm · June 5, 2016, 11:33pm

Is there data in the indices? Take a look with _cat/indices.

Igor_Dementyeff · June 6, 2016, 7:31am

Thanks for the answer. Yes, it is

warkolm · June 6, 2016, 7:45am

Please don't post pictures of text, they are difficult to read and some people may not be even able to see them.

Also, use the APIs, not the filesystem. What does that API show you?

Igor_Dementyeff · June 6, 2016, 7:49am

Sorry, will not do it again
The result:

-bash-4.1# curl 'localhost:9200/_cat/indices/twi*?v' health status index pri rep docs.count docs.deleted store.size pri.store.size

So it shows nothing as I assume

warkolm · June 6, 2016, 7:51am

Then it looks like a beats issue.

Can you post your configs and versions?

Igor_Dementyeff · June 6, 2016, 8:11am

2016/06/06 08:08:22.355246 beat.go:107: INFO Init Beat: topbeat; Version: 1.0.1
2016/06/06 08:09:13.320334 beat.go:107: INFO Init Beat: filebeat; Version: 1.0.1
2016/06/06 08:09:46.564029 beat.go:107: INFO Init Beat: packetbeat; Version: 1.0.1

Config - you mean the .yml files?

warkolm · June 6, 2016, 9:48pm

Yes.

Igor_Dementyeff · June 7, 2016, 4:55am

`filebeat:
prospectors:
-
paths:
- /opt/jboss/EAP/standalone/log/server.log
fields:
server: jboss

registry_file: /var/lib/filebeat/registry

output:
logstash:
hosts: ["badger:5018"]

shipper:

logging:
level: warning
to_files: true
to_syslog: false
files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 2
rotateeverybytes: 10485760 # = 10MB

interfaces:
device: any

protocols:
dns:
ports: [53]
include_authorities: true
include_additionals: true
http:
ports: [80, 8080, 8180, 8280, 8380]
hide_keywords: ['password']
memcache:
ports: [11211]

vi /etc/topbeat/topbeat.yml
input:
period: 10
procs: [".*"]

stats:
system: true
proc: true
filesystem: true

output:
logstash:
hosts: ["badger:5018"]

shipper:

logging:
to_syslog: false
to_files: true
files:
path: /var/log/topbeat
name: topbeat.log
rotateeverybytes: 10485760 # = 10MB
keepfiles: 2
level: warning
~

output:
logstash:
hosts: ["badger:5018"]

shipper:

logging:
to_files: true
to_syslog: false
files:
path: /var/log/packetbeat
name: packetbeat.log
rotateeverybytes: 10485760 # = 10MB
keepfiles: 2
level: warning

`

Igor_Dementyeff · June 9, 2016, 2:40pm

Mark, you here?

steffens · June 10, 2016, 10:18am

please upgrade your beats to more recent release. Old versions have a known bug of beats not sending new events if logstash/network failed way too often.

Topic		Replies	Views
Filebeat index help Beats filebeat	4	383	October 2, 2018
Packetbeat index not created and no info from Kibana Beats	18	3237	July 5, 2017
I have ran filebeat but not showing up anything on kibana Beats filebeat	19	8737	July 5, 2017
Topbeat logs not showed in kibana Beats	5	728	June 20, 2017
Filebeat appears to be running but not displayed on Kibana Beats filebeat	8	6481	March 21, 2017

Beats behaviour

Related Topics