Fields.servername not showing in kibana dashbaord

Hi yall,

I have been using AWS ES service for kibana and all the clients running with filebeat and the logstash is forwarding the logs to ES.

Below is my filebeat configuration for your reference.

filebeat:
prospectors:
-
input_type: log
paths:
- /home/ubuntu/SSL/hybris/log/tomcat/console-*.log
fields:
type: hybris_console_log
environment: Production
layer: App
servername: ss-new-prod-customerfacing2
document_type: hybris_console_log

-
  input_type: log
  paths:
    - /home/ubuntu/SSL/hybris/log/tomcat/access.*.log
  fields:
     type: hybris_access_log
     environment: Production
     layer: App
     servername: ss-new-prod-customerfacing2
  document_type: hybris_access_log

output:
logstash:
hosts: ["10.7.3.210:5044"]
bulk_max_size: 2048
shipper:
logging:
to_syslog: false
to_files: true
files:
path: /var/log/filebeat
name: filebeat.log
keepfiles: 7
rotateeverybytes: 10485760 # = 10MB
level: info

The same config with different value of the parameters have been configured in all servers. But some of the server names not showing in kibana dashboard.

Here you can see in past 7 days logs it showing only 4 hostnames.

Kindly help me in this case if anyone knows. Thanks in advance.

Hi

From your screenshot it appears that the column on the left only shows results from the most recent 500 entries, so it wont show servers. It just may not have all the servers because it's only checking 500 documents. The discover page only pulls down 500 documents by default. The quick counts are all calculated in the browser, so it doesn't have any more data than that
Can you do a terms aggregation on field.servername with a data table visualization to get all the hosts? I think that is the way to get server names to show in the kibana dashboards. Hope this helps.

Thanks
Rashmi

Thanks for your inputs Rashmi.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.