Export dashboard to Kibana fail

mcoa · October 5, 2018, 3:04am

Hello,
I'm try export dashboard to Kibana from filebeat but some dashboard give error (field not found). my client i've:

filebeat.yml

filebeat.inputs:
- type: log
  enabled: true
  paths:
    -/var/log/secure
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 3
setup.dashboards.enabled: true
setup.dashboards.directory: ${path.home}/kibana
setup.dashboards.index: filebeat-*
setup.kibana:
  host: "192.168.0.xxx:5601"
output.logstash:
  hosts: ["192.168.0.xxx:5044"]

And system module:

[root@web01 modules.d]# cat system.yml |grep -v "#"
- module: system
  syslog:
    enabled: true
    var.paths: ["/var/log/messages"]
  auth:
    enabled: true
    var.paths: ["/var/log/secure"]

In the "visualize" the field is empty (the same with other dashboard and visualize from filebeat)

Thanks.

kvch · October 5, 2018, 6:24am

How have you exported the dashboards?

mcoa · October 5, 2018, 12:48pm

Hi,
I'm exported dashboard with command

filebeat setup --dashboards

And the filebeat.yml i've setting the value:

setup.dashboards.enabled: true

Thanks.

kvch · October 5, 2018, 1:34pm

Dashboards need index templates also which are also imported by filebeat setup. You need to run filebeat setup without the flag.

mcoa · October 5, 2018, 1:56pm

I execute the command and change te output to elastic but not found..

[root@web01 filebeat]# filebeat setup
Loaded index template
Loading dashboards (Kibana must be running and reachable)
Loaded dashboards
Loaded machine learning job configurations

output.elasticsearch:
  hosts: ["192.168.0.xxx:9200"]

Output log

|2018-10-05T10:41:09.296-0300|INFO|elasticsearch/client.go:712|Connected to Elasticsearch version 6.4.1|
|---|---|---|---|
|2018-10-05T10:41:09.297-0300|INFO|kibana/client.go:113|Kibana url: http://192.168.0.xxx:5601|
|2018-10-05T10:41:37.452-0300|INFO|instance/beat.go:659|Kibana dashboards successfully loaded.|
|2018-10-05T10:41:37.452-0300|INFO|elasticsearch/client.go:163|Elasticsearch url: http://192.168.0.xxx:9200|
|2018-10-05T10:41:37.455-0300|INFO|elasticsearch/client.go:712|Connected to Elasticsearch version 6.4.1|
|2018-10-05T10:41:37.455-0300|INFO|kibana/client.go:113|Kibana url: http://192.168.0.xxx:5601|

For example,from Kibana -> visualize -> select "SSH login attempts [Filebeat System]" , and the field is empty but search option and only list with ...keyboard system.auth.ssh.event.keyword when the doc says system.auth.ssh.event .

mcoa · October 8, 2018, 9:33pm

Hello,
The solution was delete an rebuild the filebeat and .kibana index. No idea what was wrong before.

Thanks.

system · November 5, 2018, 9:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat 6.5.4 not able to create kibana dashboard Beats filebeat	2	934	March 18, 2019
Cannot see filebeat dashboards in kibana after installing and configuring them as per docs Beats filebeat	2	1568	February 6, 2018
Error trying to import dashboards to kibana with filebeat Beats filebeat	5	4573	June 17, 2020
Kibana dashboard import: failed to parse field visualization.kibanaSavedObjectMeta.searchSourceJSON Beats filebeat	8	2301	February 1, 2019
Filebeat error while setting up dashboard Beats filebeat	7	3081	January 31, 2018

Export dashboard to Kibana fail

Related topics