I have installed ElasticSearch, Kibana, FileBeat and WinLogBeats and everything seems to be working fine. I can query the logs from Kibana basically. the problem is, when I check the index patterns for winlogbeats-* and filebeats-* I can find today's index, however, I don't see any logs (checking under Discover). obviously I see the same under elasticsearch too. somehow, Kibana doesn't show me today's data, it will only show up to last night. I played with Time Range but no luck. this means I cannot see real time win logs or logs captured from fielbeats. by the way, I don't use any LogStash.
@Marteen welcome to the forums! I have a hunch that this has to due with timezones, depending on how your setup is configured.
Are you using default configs, and if not can you share relevant parts of them so we can debug further?
Thanks. I also think it might have something to do with timezone. By default it's set to Browser and I cannot change it becuase I get a UI fatal error. I think the error is due to space; elasticsearch logs complain about space thresholds and I think that has blocked my indexes. I have freed space about 20% but still cannot make changes to kibana's timezone!
Ideally, browser's (chrome) timezone matches system timezone though!
I resolved the issue.
it was due to space. I made more space on my c drive where elasticsearch is configured. I also had to remove old indecies using Curator. and also had to set read_only_allow_delete to false under dev tools, because apaprently when space is low kibana will put configs in read-only mode automatically.
no changes to timezone was required. after above changes today's data flew into kibana.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.