Error INFO No non-zero metrics in the last 30s

hadivarp · August 10, 2017, 11:52am

I know this error is repeated a lot but I am really confused . I need to run file beat and ELK on two different server witch one of the is client and the other sever . I follow all the steps that comes in instruction . about the server all things is right because I test as instruction said and elk response positive but about file beat as the others I follow the steps but it gave me this :

[root@localhost filebeat]# ./filebeat -e -c filebeat.yml -d "publish"
\2017/08/10 11:49:18.942046 beat.go:285: INFO Home path: [/home/new/filebeat] Config path: [/home/new/filebeat] Data path: [/home/new/filebeat/data] Logs path: [/home/new/filebeat/logs]
2017/08/10 11:49:18.942076 beat.go:186: INFO Setup Beat: filebeat; Version: 5.5.1
2017/08/10 11:49:18.942176 metrics.go:23: INFO Metrics logging every 30s
2017/08/10 11:49:18.942258 output.go:258: INFO Loading template enabled. Reading template file: /home/new/filebeat/filebeat.template.json
2017/08/10 11:49:18.943409 output.go:269: INFO Loading template enabled for Elasticsearch 2.x. Reading template file: /home/new/filebeat/filebeat.template-es2x.json
2017/08/10 11:49:18.955688 output.go:281: INFO Loading template enabled for Elasticsearch 6.x. Reading template file: /home/new/filebeat/filebeat.template-es6x.json
2017/08/10 11:49:18.969128 client.go:128: INFO Elasticsearch url: http://192.168.80.131:5000
2017/08/10 11:49:18.969224 outputs.go:108: INFO Activated elasticsearch as output plugin.
2017/08/10 11:49:18.969253 publish.go:238: DBG Create output worker
2017/08/10 11:49:18.969608 publish.go:280: DBG No output is defined to store the topology. The server fields might not be filled.
2017/08/10 11:49:18.969855 publish.go:295: INFO Publisher name: localhost.localdomain
2017/08/10 11:49:18.972041 async.go:63: INFO Flush Interval set to: 1s
2017/08/10 11:49:18.972070 async.go:64: INFO Max Bulk Size set to: 50
2017/08/10 11:49:18.972119 async.go:72: DBG create bulk processing worker (interval=1s, bulk size=50)
2017/08/10 11:49:18.983583 beat.go:221: INFO filebeat start running.
2017/08/10 11:49:18.983642 registrar.go:85: INFO Registry file set to: /home/new/filebeat/data/registry
2017/08/10 11:49:18.983682 registrar.go:106: INFO Loading registrar data from /home/new/filebeat/data/registry
2017/08/10 11:49:18.990299 registrar.go:123: INFO States Loaded from registrar: 0
2017/08/10 11:49:18.990414 crawler.go:38: INFO Loading Prospectors: 1
2017/08/10 11:49:18.990433 registrar.go:236: INFO Starting Registrar
2017/08/10 11:49:18.990471 sync.go:41: INFO Start sending events to output
2017/08/10 11:49:18.990579 prospector_log.go:65: INFO Prospector with previous states loaded: 0
2017/08/10 11:49:18.990646 prospector.go:124: INFO Starting prospector of type: log; id: 8284376112863071513
2017/08/10 11:49:18.990655 crawler.go:58: INFO Loading and starting Prospectors completed. Enabled prospectors: 1
2017/08/10 11:49:18.990674 spooler.go:63: INFO Starting spooler: spool_size: 2048; idle_timeout: 5s
2017/08/10 11:49:48.945277 metrics.go:34: INFO No non-zero metrics in the last 30s
2017/08/10 11:50:18.943965 metrics.go:34: INFO No non-zero metrics in the last 30s
2017/08/10 11:50:48.943557 metrics.go:34: INFO No non-zero metrics in the last 30s

this is my file beat configuration :

filebeat.prospectors:


- input_type: log 
  
  paths:
    - /usr/share/tomcat/log_app/news/*.log

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  
  hosts: ["192.168.80.131:9200"]
	
#----------------------------- Logstash output --------------------------------
#output.logstash:
  
  hosts: ["192.168.80.131:5000"]

this is my logstash config :

input {
    beats {
        port => "5000"
    }
}
 filter {
    grok {
        match => { "message" => "%{COMBINEDAPACHELOG}"}
    }
    geoip {
        source => "clientip"
    }
}
output {
    elasticsearch {
        hosts => [ "localhost:9200" ]
	index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
        document_type => "%{[@metadata][type]}"
	
    }
}

I follow this article : https://stackoverflow.com/questions/41949989/info-no-non-zero-metrics-in-the-last-30s-message-in-filebeat

but noting change .

I use
Elasticsearch : 5.5.1
kibana : 5.5.1
logstash : 5.5.1
file beat : 5.5.1

Please help me

steffens · August 10, 2017, 2:35pm

check your filebeat configuration. You want to send to logstash or elasticsearch? For example see log message 2017/08/10 11:49:18.969128 client.go:128: INFO Elasticsearch url: http://192.168.80.131:5000. You really want to send to ES, not LS?

Can you try:

filebeat.prospectors:
- input_type: log   
  paths:
    - /usr/share/tomcat/log_app/news/*.log

#----------------------------- Logstash output --------------------------------
output.logstash:  
  hosts: ["192.168.80.131:5000"]

hadivarp · August 12, 2017, 6:32am

I change what you said but noting change again , I found this link but still as the same .

please help

steffens · August 14, 2017, 12:52pm

Can you share filebeat logs with the new configuration?

venkatmatta · August 15, 2017, 6:13pm

i am also getting same error but i am running the filebeat in windows

error msg

2017-08-15T13:59:23-04:00 INFO Non-zero metrics in the last 30s: registrar.states.update=1 publish.events=1 libbeat.publisher.published_events=1 libbeat.es.publish.read_bytes=340 libbeat.es.published_and_acked_events=1 libbeat.es.call_count.PublishEvents=1 libbeat.es.publish.write_bytes=82065 registrar.writes=1

filebeat.prospectors:

Paths that should be crawled and fetched. Glob based paths.

paths:
#- /var/log/*.log

- E:\apache-jmeter-3.1\bin\jmeter.log

- E:\apache-jmeter-3.1\bin\jmeter-server.log

- E:\apache-jmeter-3.0\bin\jmeter.log

- E:\apache-jmeter-3.1\bin\jmeter-server.log

- E:\Scale\Errors\error.log
multiline.pattern: ^[0-9]{4}/[0-9]{2}/[0-9]{2}

multiline.negate: true
multiline.match: after

output.elasticsearch:

Array of hosts to connect to.

hosts: ["http://10.140.32.12:9200"]

Please let me know if i need to do any config changes

steffens · August 15, 2017, 7:56pm

This is no error. It's an INFO message containing information about internal metric changes. This helps us in getting some insights from users having problems.

The metrics libbeat.es.published_and_acked_events indicates an event has been published to Elasticsearch.

venkatmatta · August 15, 2017, 8:01pm

Sorry for misstatement , i am unable to see any stats in the kibana dashboard though filebeats is running in my machine

steffens · August 16, 2017, 1:22pm

@venkatmatta can you please open a new topic with complete config + logs (format using the </> button to make you post somewhat readable). Your problem seems different from original discussion. Let's not highjack this discussion.

system · September 13, 2017, 1:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.