Double values filebeat

Elastic Stack Beats
1

Hello,

I'm trying to read my log server.json into logstash /kibana. Now I have opened a topic for this before, and I was advised to ask further questions in the filebeat forum. For the record.

I've already gotten a little further than my first problem I had in the previous topic.

Currently kibana shows double values I think (see image, marked with a red circle )

2023-03-21 17_02_16-Discover - Elastic en nog 10 andere pagina's - Profiel 1 - Microsoft​ Edge
2023-03-21 17_02_16-Discover - Elastic en nog 10 andere pagina's - Profiel 1 - Microsoft​ Edge660×721 56.6 KB

2023-03-22 08_52_18-Discover - Elastic en nog 11 andere pagina's - Profiel 1 - Microsoft​ Edge
2023-03-22 08_52_18-Discover - Elastic en nog 11 andere pagina's - Profiel 1 - Microsoft​ Edge792×726 62.6 KB

This is my filebeat.yml

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /opt/rh/eap7/piet/usr/share/wildfly/standalone/log/server.json
#  multiline.pattern: '^{'
  multiline.pattern: '^$'
  multiline.negate: true
  multiline.match: after
  processors:
#  - decode_json_fields:
#      fields: ["message"]
#      target: "json"
output.logstash:
  hosts: ["xxx.xxx.xxx.xxx:5044"]

The # are a result of my trail and error method. I have no clear reasons why I did that.. (sorry i am new in the IT)

and this is my logstash file.

input {
    beats {
        port => "5044"
    }
}
filter {
    json {
        source => "message"
    }
}
output{
    elasticsearch{
        hosts => ["localhost:9200"]
        index => "data"
    }
}

I may be doing something wrong. Unfortunately, I haven't been working in IT for very long. My filebeat.yml is based on some reading and some cutting and pasting (trial and error and it looks better then before). I'm a bit further, but it would be nice if I didn't get double values. Hopefully someone can help me.

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.