Thanks @eMitch for your response. i am using both elasticsearch and kibana modules in my metricbeat.modules config. below is my config and also logs below that.
metricbeat.modules:
- hosts:
- https://elastic.<redacted>.com:9200
module: elasticsearch
password: iepbLQn$^3sgq6#X
period: 10s
scope: cluster
ssl.verification_mode: certificate
username: admin
xpack.enabled: true
- module: kibana
metricsets:
- stats
period: 10s
hosts: ["https://kibana.<redacted>:5601"]
xpack.enabled: true
username: admin
password: iepbLQn$^3sgq6#X
metricbeat logs:
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.302Z","log.origin":{"file.name":"instance/beat.go","file.line":724},"message":"Home path: [/usr/share/metricbeat] Config path: [/usr/share/metricbeat] Data path: [/usr/share/metricbeat/data] Logs path: [/usr/share/metricbeat/logs]","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.302Z","log.origin":{"file.name":"instance/beat.go","file.line":732},"message":"Beat ID: f380f42c-81e8-4005-9f84-8f1361f64e26","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.303Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":69},"message":"Starting stats endpoint","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.303Z","log.logger":"api","log.origin":{"file.name":"api/server.go","file.line":71},"message":"Metrics endpoint listening on: 127.0.0.1:5066 (configured: localhost)","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.303Z","log.logger":"seccomp","log.origin":{"file.name":"seccomp/seccomp.go","file.line":124},"message":"Syscall filter successfully installed","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.303Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1096},"message":"Beat info","service.name":"metricbeat","system_info":{"beat":{"path":{"config":"/usr/share/metricbeat","data":"/usr/share/metricbeat/data","home":"/usr/share/metricbeat","logs":"/usr/share/metricbeat/logs"},"type":"metricbeat","uuid":"f380f42c-81e8-4005-9f84-8f1361f64e26"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.303Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1105},"message":"Build info","service.name":"metricbeat","system_info":{"build":{"commit":"a8dbc6c06381f4fe33a5dc23906d63c04c9e2444","libbeat":"8.7.0","time":"2023-03-23T00:44:47.000Z","version":"8.7.0"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.303Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1108},"message":"Go runtime info","service.name":"metricbeat","system_info":{"go":{"os":"linux","arch":"amd64","max_procs":8,"version":"go1.19.7"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.305Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1114},"message":"Host info","service.name":"metricbeat","system_info":{"host":{"architecture":"x86_64","boot_time":"2023-05-15T21:17:11Z","containerized":true,"name":"aks-nodepool1-30653362-vmss000009","ip":["127.0.0.1","::1","172.19.54.154","fe80::222:48ff:fe2a:9248","fe80::a8aa:aaff:feaa:aaaa","fe80::a8aa:aaff:feaa:aaaa","fe80::a8aa:aaff:feaa:aaaa","fe80::a8aa:aaff:feaa:aaaa","fe80::a8aa:aaff:feaa:aaaa","fe80::a8aa:aaff:feaa:aaaa"],"kernel_version":"5.4.0-1103-azure","mac":["00:22:48:2a:92:48","00:22:48:2a:92:48","aa:aa:aa:aa:aa:aa","aa:aa:aa:aa:aa:aa","aa:aa:aa:aa:aa:aa","aa:aa:aa:aa:aa:aa","aa:aa:aa:aa:aa:aa","aa:aa:aa:aa:aa:aa"],"os":{"type":"linux","family":"debian","platform":"ubuntu","name":"Ubuntu","version":"20.04.5 LTS (Focal Fossa)","major":20,"minor":4,"patch":5,"codename":"focal"},"timezone":"UTC","timezone_offset_sec":0},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.305Z","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1143},"message":"Process info","service.name":"metricbeat","system_info":{"process":{"capabilities":{"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"ambient":null},"cwd":"/usr/share/metricbeat","exe":"/usr/share/metricbeat/metricbeat","name":"metricbeat","pid":7,"ppid":1,"seccomp":{"mode":"filter","no_new_privs":true},"start_time":"2023-05-18T09:33:59.690Z"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.305Z","log.origin":{"file.name":"instance/beat.go","file.line":297},"message":"Setup Beat: metricbeat; Version: 8.7.0","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.308Z","log.logger":"cfgwarn","log.origin":{"file.name":"tlscommon/config.go","file.line":102},"message":"DEPRECATED: Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version: 8.0.0","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.308Z","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":108},"message":"elasticsearch url: https://elastic.<>:9200","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.308Z","log.logger":"publisher","log.origin":{"file.name":"pipeline/module.go","file.line":113},"message":"Beat name: aks-nodepool1-30653362-vmss000009","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.329Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.366Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.384Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.405Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.420Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.428Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.434Z","log.logger":"kubernetes","log.origin":{"file.name":"kubernetes/util.go","file.line":146},"message":"kubernetes: Node aks-nodepool1-30653362-vmss000009 discovered by NODE_NAME environment variable","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.441Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.454Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.462Z","log.logger":"kubernetes","log.origin":{"file.name":"kubernetes/util.go","file.line":146},"message":"kubernetes: Node aks-nodepool1-30653362-vmss000009 discovered by NODE_NAME environment variable","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.475Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.478Z","log.origin":{"file.name":"util/kubernetes.go","file.line":649},"message":"could not retrieve cluster metadata: fail to get kubernetes cluster metadata: unable to retrieve cluster identifiers","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.478Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.481Z","log.origin":{"file.name":"util/kubernetes.go","file.line":649},"message":"could not retrieve cluster metadata: fail to get kubernetes cluster metadata: unable to retrieve cluster identifiers","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.484Z","log.origin":{"file.name":"add_kubernetes_metadata/kubernetes.go","file.line":73},"message":"add_kubernetes_metadata: kubernetes env detected, with version: v1.24.9","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.484Z","log.origin":{"file.name":"add_kubernetes_metadata/kubernetes.go","file.line":73},"message":"add_kubernetes_metadata: kubernetes env detected, with version: v1.24.9","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.484Z","log.origin":{"file.name":"add_kubernetes_metadata/kubernetes.go","file.line":73},"message":"add_kubernetes_metadata: kubernetes env detected, with version: v1.24.9","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.484Z","log.origin":{"file.name":"add_kubernetes_metadata/kubernetes.go","file.line":73},"message":"add_kubernetes_metadata: kubernetes env detected, with version: v1.24.9","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.484Z","log.origin":{"file.name":"add_kubernetes_metadata/kubernetes.go","file.line":73},"message":"add_kubernetes_metadata: kubernetes env detected, with version: v1.24.9","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.485Z","log.logger":"cfgwarn","log.origin":{"file.name":"sysinit/init.go","file.line":79},"message":"DEPRECATED: The --system.hostfs flag will be removed in the future and replaced by a config value. Will be removed in version: 8.0.0","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.485Z","log.origin":{"file.name":"filesystem/filesystem.go","file.line":70},"message":"Ignoring filesystem types: sysfs, tmpfs, bdev, proc, cgroup, cgroup2, cpuset, devtmpfs, configfs, debugfs, tracefs, securityfs, sockfs, bpf, pipefs, ramfs, hugetlbfs, devpts, ecryptfs, fuse, fusectl, efivarfs, mqueue, pstore, autofs, rpc_pipefs, binfmt_misc, overlay, aufs","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.485Z","log.logger":"system.fsstat","log.origin":{"file.name":"fsstat/fsstat.go","file.line":60},"message":"Ignoring filesystem types: %ssysfs, tmpfs, bdev, proc, cgroup, cgroup2, cpuset, devtmpfs, configfs, debugfs, tracefs, securityfs, sockfs, bpf, pipefs, ramfs, hugetlbfs, devpts, ecryptfs, fuse, fusectl, efivarfs, mqueue, pstore, autofs, rpc_pipefs, binfmt_misc, overlay, aufs","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:00.485Z","log.logger":"cfgwarn","log.origin":{"file.name":"sysinit/init.go","file.line":79},"message":"DEPRECATED: The --system.hostfs flag will be removed in the future and replaced by a config value. Will be removed in version: 8.0.0","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.493Z","log.logger":"kubernetes","log.origin":{"file.name":"kubernetes/util.go","file.line":146},"message":"kubernetes: Node aks-nodepool1-30653362-vmss000009 discovered by NODE_NAME environment variable","service.name":"metricbeat","libbeat.processor":"add_kubernetes_metadata","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.494Z","log.logger":"kubernetes","log.origin":{"file.name":"kubernetes/util.go","file.line":146},"message":"kubernetes: Node aks-nodepool1-30653362-vmss000009 discovered by NODE_NAME environment variable","service.name":"metricbeat","libbeat.processor":"add_kubernetes_metadata","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.495Z","log.logger":"kubernetes","log.origin":{"file.name":"kubernetes/util.go","file.line":146},"message":"kubernetes: Node aks-nodepool1-30653362-vmss000009 discovered by NODE_NAME environment variable","service.name":"metricbeat","libbeat.processor":"add_kubernetes_metadata","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.495Z","log.logger":"kubernetes","log.origin":{"file.name":"kubernetes/util.go","file.line":146},"message":"kubernetes: Node aks-nodepool1-30653362-vmss000009 discovered by NODE_NAME environment variable","service.name":"metricbeat","libbeat.processor":"add_kubernetes_metadata","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.495Z","log.logger":"kubernetes","log.origin":{"file.name":"kubernetes/util.go","file.line":146},"message":"kubernetes: Node aks-nodepool1-30653362-vmss000009 discovered by NODE_NAME environment variable","service.name":"metricbeat","libbeat.processor":"add_kubernetes_metadata","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.601Z","log.logger":"autodiscover.pod","log.origin":{"file.name":"kubernetes/util.go","file.line":146},"message":"kubernetes: Node aks-nodepool1-30653362-vmss000009 discovered by NODE_NAME environment variable","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.608Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message":"Starting metrics logging every 30s","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.608Z","log.origin":{"file.name":"instance/beat.go","file.line":486},"message":"metricbeat start running.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:00.608Z","log.logger":"autodiscover","log.origin":{"file.name":"autodiscover/autodiscover.go","file.line":118},"message":"Starting autodiscover manager","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:01.023Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:01.648Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":139},"message":"Connecting to backoff(elasticsearch(https://elastic.<>:9200))","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:01.670Z","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":291},"message":"Attempting to connect to Elasticsearch version 8.7.0","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:01.681Z","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":291},"message":"Attempting to connect to Elasticsearch version 8.7.0","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:01.682Z","log.logger":"index-management","log.origin":{"file.name":"idxmgmt/std.go","file.line":230},"message":"Auto ILM enable success.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:01.687Z","log.logger":"index-management.ilm","log.origin":{"file.name":"ilm/std.go","file.line":118},"message":"ILM policy metricbeat exists already.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:01.689Z","log.logger":"template_loader","log.origin":{"file.name":"template/load.go","file.line":115},"message":"Template \"platdev2-metrics\" already exists and will not be overwritten.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:01.689Z","log.logger":"index-management","log.origin":{"file.name":"idxmgmt/std.go","file.line":266},"message":"Loaded index template.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:01.690Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":147},"message":"Connection to backoff(elasticsearch(https://elastic.<>.com:9200)) established","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:02.601Z","log.origin":{"file.name":"http/http.go","file.line":115},"message":"Starting HTTP server on localhost:8080","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:34:04.133Z","log.logger":"elasticsearch.ccr","log.origin":{"file.name":"ccr/ccr.go","file.line":78},"message":"the CCR feature is available with a platinum or enterprise Elasticsearch license. You currently have a basic license. Either upgrade your license or remove the ccr metricset from your Elasticsearch module configuration.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:34:30.612Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpu":{"cfs":{"period":{"us":100000}},"id":"/"},"cpuacct":{"id":"/","total":{"ns":3019264724}},"memory":{"id":"/","mem":{"limit":{"bytes":9223372036854771712},"usage":{"bytes":130228224}}}},"cpu":{"system":{"ticks":600,"time":{"ms":600}},"total":{"ticks":2480,"time":{"ms":2480},"value":2480},"user":{"ticks":1880,"time":{"ms":1880}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":30},"info":{"ephemeral_id":"fb630bac-2abe-4aad-868f-a7868c29ae14","name":"metricbeat","uptime":{"ms":30364},"version":"8.7.0"},"memstats":{"gc_next":89457856,"memory_alloc":52997392,"memory_sys":105169176,"memory_total":332543632,"rss":217116672},"runtime":{"goroutines":635}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":2066,"active":0,"batches":67,"duplicates":741,"total":2807},"read":{"bytes":891190},"type":"elasticsearch","write":{"bytes":4879268}},"pipeline":{"clients":34,"events":{"active":95,"filtered":1,"published":2902,"retry":6,"total":2903},"queue":{"acked":2807,"max_events":4096}}},"metricbeat":{"elasticsearch":{"cluster_stats":{"events":3,"success":3},"enrich":{"events":15,"success":15},"index":{"events":369,"success":369},"index_recovery":{"events":558,"success":558},"index_summary":{"events":3,"success":3},"node_stats":{"events":10,"success":10},"shard":{"events":741,"success":741}},"kibana":{"cluster_actions":{"events":3,"success":3},"cluster_rules":{"events":3,"success":3},"node_actions":{"events":3,"success":3},"node_rules":{"events":3,"success":3},"stats":{"events":3,"success":3}},"kubernetes":{"container":{"events":19,"success":19},"event":{"events":7,"success":7},"node":{"events":1,"success":1},"pod":{"events":14,"success":14},"state_container":{"events":399,"success":399},"state_deployment":{"events":87,"success":87},"state_node":{"events":15,"success":15},"state_pod":{"events":306,"success":306},"state_replicaset":{"events":285,"success":285},"system":{"events":3,"success":3},"volume":{"events":28,"success":28}},"system":{"cpu":{"events":1,"success":1},"filesystem":{"events":1,"success":1},"fsstat":{"events":1,"success":1},"load":{"events":1,"success":1},"memory":{"events":1,"success":1},"network":{"events":9,"success":9},"process":{"events":10,"success":10},"process_summary":{"events":1,"success":1}}},"system":{"cpu":{"cores":8},"load":{"1":0.28,"15":0.84,"5":0.42,"norm":{"1":0.035,"15":0.105,"5":0.0525}}}},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2023-05-18T09:35:00.612Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":1984007104}},"memory":{"mem":{"usage":{"bytes":147742720}}}},"cpu":{"system":{"ticks":740,"time":{"ms":140}},"total":{"ticks":3680,"time":{"ms":1200},"value":3680},"user":{"ticks":2940,"time":{"ms":1060}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":33},"info":{"ephemeral_id":"fb630bac-2abe-4aad-868f-a7868c29ae14","uptime":{"ms":60366},"version":"8.7.0"},"memstats":{"gc_next":80481744,"memory_alloc":48339776,"memory_sys":8912896,"memory_total":555525600,"rss":220504064},"runtime":{"goroutines":641}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":2070,"active":0,"batches":69,"duplicates":741,"total":2811},"read":{"bytes":888960},"write":{"bytes":5121128}},"pipeline":{"clients":34,"events":{"active":95,"published":2811,"total":2811},"queue":{"acked":2811}}},"metricbeat":{"elasticsearch":{"cluster_stats":{"events":3,"success":3},"enrich":{"events":15,"success":15},"index":{"events":369,"success":369},"index_recovery":{"events":558,"success":558},"index_summary":{"events":3,"success":3},"node_stats":{"events":15,"success":15},"shard":{"events":741,"success":741}},"kibana":{"cluster_actions":{"events":3,"success":3},"cluster_rules":{"events":3,"success":3},"node_actions":{"events":3,"success":3},"node_rules":{"events":3,"success":3},"stats":{"events":3,"success":3}},"kubernetes":{"state_container":{"events":399,"success":399},"state_deployment":{"events":87,"success":87},"state_node":{"events":15,"success":15},"state_pod":{"events":306,"success":306},"state_replicaset":{"events":285,"success":285}}},"system":{"load":{"1":0.24,"15":0.81,"5":0.39,"norm":{"1":0.03,"15":0.1013,"5":0.0488}}}},"ecs.version":"1.6.0"}}
{"log.level":"warn","@timestamp":"2023-05-18T09:35:04.137Z","log.logger":"elasticsearch.ccr","log.origin":{"file.name":"ccr/ccr.go","file.line":78},"message":"the CCR feature is available with a platinum or enterprise Elasticsearch license. You currently have a basic license. Either upgrade your license or remove the ccr metricset from your Elasticsearch module configuration.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:35:30.612Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":2224406155}},"memory":{"mem":{"usage":{"bytes":157712384}}}},"cpu":{"system":{"ticks":1110,"time":{"ms":370}},"total":{"ticks":5110,"time":{"ms":1430},"value":5110},"user":{"ticks":4000,"time":{"ms":1060}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":36},"info":{"ephemeral_id":"fb630bac-2abe-4aad-868f-a7868c29ae14","uptime":{"ms":90366},"version":"8.7.0"},"memstats":{"gc_next":84310904,"memory_alloc":78317856,"memory_sys":4227072,"memory_total":802887992,"rss":229158912},"runtime":{"goroutines":647}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":2256,"active":0,"batches":71,"duplicates":741,"total":2997},"read":{"bytes":935752},"write":{"bytes":5422000}},"pipeline":{"clients":34,"events":{"active":2,"filtered":1,"published":2904,"total":2905},"queue":{"acked":2997}}},"metricbeat":{"elasticsearch":{"cluster_stats":{"events":3,"success":3},"enrich":{"events":15,"success":15},"index":{"events":369,"success":369},"index_recovery":{"events":558,"success":558},"index_summary":{"events":3,"success":3},"node_stats":{"events":15,"success":15},"shard":{"events":741,"success":741}},"kibana":{"cluster_actions":{"events":3,"success":3},"cluster_rules":{"events":3,"success":3},"node_actions":{"events":3,"success":3},"node_rules":{"events":3,"success":3},"stats":{"events":3,"success":3}},"kubernetes":{"container":{"events":19,"success":19},"event":{"events":6,"success":6},"node":{"events":1,"success":1},"pod":{"events":14,"success":14},"state_container":{"events":399,"success":399},"state_deployment":{"events":87,"success":87},"state_node":{"events":15,"success":15},"state_pod":{"events":306,"success":306},"state_replicaset":{"events":285,"success":285},"system":{"events":3,"success":3},"volume":{"events":30,"success":30}},"system":{"cpu":{"events":1,"success":1},"filesystem":{"events":1,"success":1},"fsstat":{"events":1,"success":1},"load":{"events":1,"success":1},"memory":{"events":1,"success":1},"network":{"events":10,"success":10},"process":{"events":5,"success":5},"process_summary":{"events":1,"success":1}}},"system":{"load":{"1":0.42,"15":0.81,"5":0.43,"norm":{"1":0.0525,"15":0.1013,"5":0.0538}}}},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2023-05-18T09:36:00.611Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":1908027330}},"memory":{"mem":{"usage":{"bytes":159199232}}}},"cpu":{"system":{"ticks":1260,"time":{"ms":150}},"total":{"ticks":6250,"time":{"ms":1140},"value":6250},"user":{"ticks":4990,"time":{"ms":990}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":36},"info":{"ephemeral_id":"fb630bac-2abe-4aad-868f-a7868c29ae14","uptime":{"ms":120365},"version":"8.7.0"},"memstats":{"gc_next":87348360,"memory_alloc":58845024,"memory_sys":262144,"memory_total":1005607992,"rss":228585472},"runtime":{"goroutines":647}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":2081,"active":0,"batches":70,"duplicates":741,"total":2822},"read":{"bytes":891859},"write":{"bytes":5135315}},"pipeline":{"clients":34,"events":{"active":1,"published":2821,"total":2821},"queue":{"acked":2822}}},"metricbeat":{"elasticsearch":{"cluster_stats":{"events":3,"success":3},"enrich":{"events":15,"success":15},"index":{"events":369,"success":369},"index_recovery":{"events":558,"success":558},"index_summary":{"events":3,"success":3},"node_stats":{"events":15,"success":15},"shard":{"events":741,"success":741}},"kibana":{"cluster_actions":{"events":3,"success":3},"cluster_rules":{"events":3,"success":3},"node_actions":{"events":3,"success":3},"node_rules":{"events":3,"success":3},"stats":{"events":3,"success":3}},"kubernetes":{"event":{"events":10,"success":10},"state_container":{"events":399,"success":399},"state_deployment":{"events":87,"success":87},"state_node":{"events":15,"success":15},"state_pod":{"events":306,"success":306},"state_replicaset":{"events":285,"success":285}}},"system":{"load":{"1":0.37,"15":0.8,"5":0.42,"norm":{"1":0.0463,"15":0.1,"5":0.0525}}}},"ecs.version":"1.6.0"}}
{"log.level":"warn","@timestamp":"2023-05-18T09:36:06.348Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:36:14.135Z","log.logger":"elasticsearch.ccr","log.origin":{"file.name":"ccr/ccr.go","file.line":78},"message":"the CCR feature is available with a platinum or enterprise Elasticsearch license. You currently have a basic license. Either upgrade your license or remove the ccr metricset from your Elasticsearch module configuration.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-05-18T09:36:30.612Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":2357965064}},"memory":{"mem":{"usage":{"bytes":157483008}}}},"cpu":{"system":{"ticks":1670,"time":{"ms":410}},"total":{"ticks":7820,"time":{"ms":1570},"value":7820},"user":{"ticks":6150,"time":{"ms":1160}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":37},"info":{"ephemeral_id":"fb630bac-2abe-4aad-868f-a7868c29ae14","uptime":{"ms":150365},"version":"8.7.0"},"memstats":{"gc_next":83684984,"memory_alloc":43897304,"memory_sys":4521984,"memory_total":1256961784,"rss":227368960},"runtime":{"goroutines":649}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":2160,"active":0,"batches":70,"duplicates":741,"total":2901},"read":{"bytes":911606},"write":{"bytes":5310354}},"pipeline":{"clients":34,"events":{"active":1,"filtered":1,"published":2901,"total":2902},"queue":{"acked":2901}}},"metricbeat":{"elasticsearch":{"cluster_stats":{"events":3,"success":3},"enrich":{"events":15,"success":15},"index":{"events":369,"success":369},"index_recovery":{"events":558,"success":558},"index_summary":{"events":3,"success":3},"node_stats":{"events":15,"success":15},"shard":{"events":741,"success":741}},"kibana":{"cluster_actions":{"events":3,"success":3},"cluster_rules":{"events":3,"success":3},"node_actions":{"events":3,"success":3},"node_rules":{"events":3,"success":3},"stats":{"events":3,"success":3}},"kubernetes":{"container":{"events":18,"success":18},"event":{"events":5,"success":5},"node":{"events":1,"success":1},"pod":{"events":13,"success":13},"state_container":{"events":399,"success":399},"state_deployment":{"events":87,"success":87},"state_node":{"events":15,"success":15},"state_pod":{"events":306,"success":306},"state_replicaset":{"events":285,"success":285},"system":{"events":3,"success":3},"volume":{"events":29,"success":29}},"system":{"cpu":{"events":1,"success":1},"filesystem":{"events":1,"success":1},"fsstat":{"events":1,"success":1},"load":{"events":1,"success":1},"memory":{"events":1,"success":1},"network":{"events":10,"success":10},"process":{"events":6,"success":6},"process_summary":{"events":1,"success":1}}},"system":{"load":{"1":0.51,"15":0.79,"5":0.44,"norm":{"1":0.0638,"15":0.0988,"5":0.055}}}},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2023-05-18T09:37:00.611Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":187},"message":"Non-zero metrics in the last 30s","service.name":"metricbeat","monitoring":{"metrics":{"beat":{"cgroup":{"cpuacct":{"total":{"ns":1833849424}},"memory":{"mem":{"usage":{"bytes":164655104}}}},"cpu":{"system":{"ticks":1800,"time":{"ms":130}},"total":{"ticks":8890,"time":{"ms":1070},"value":8890},"user":{"ticks":7090,"time":{"ms":940}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":35},"info":{"ephemeral_id":"fb630bac-2abe-4aad-868f-a7868c29ae14","uptime":{"ms":180364},"version":"8.7.0"},"memstats":{"gc_next":87600176,"memory_alloc":55319304,"memory_sys":4194304,"memory_total":1458035744,"rss":233480192},"runtime":{"goroutines":645}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"acked":1977,"active":0,"batches":66,"duplicates":741,"total":2718},"read":{"bytes":865292},"write":{"bytes":5013267}},"pipeline":{"clients":34,"events":{"active":95,"published":2812,"total":2812},"queue":{"acked":2718}}},"metricbeat":{"elasticsearch":{"cluster_stats":{"events":3,"success":3},"enrich":{"events":15,"success":15},"index":{"events":369,"success":369},"index_recovery":{"events":558,"success":558},"index_summary":{"events":3,"success":3},"node_stats":{"events":15,"success":15},"shard":{"events":741,"success":741}},"kibana":{"cluster_actions":{"events":3,"success":3},"cluster_rules":{"events":3,"success":3},"node_actions":{"events":3,"success":3},"node_rules":{"events":3,"success":3},"stats":{"events":3,"success":3}},"kubernetes":{"event":{"events":1,"success":1},"state_container":{"events":399,"success":399},"state_deployment":{"events":87,"success":87},"state_node":{"events":15,"success":15},"state_pod":{"events":306,"success":306},"state_replicaset":{"events":285,"success":285}}},"system":{"load":{"1":0.71,"15":0.8,"5":0.5,"norm":{"1":0.0888,"15":0.1,"5":0.0625}}}},"ecs.version":"1.6.0"}}
{"log.level":"warn","@timestamp":"2023-05-18T09:37:07.057Z","log.logger":"tls","log.origin":{"file.name":"tlscommon/tls_config.go","file.line":104},"message":"SSL/TLS verifications disabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-05-18T09:37:14.135Z","log.logger":"elasticsearch.ccr","log.origin":