Filebeat data stream not updated

I use filebeat to collect Suricata's JSON files，But the data stream display of FileBeat never updates,The logs I saw did not show any errors either

微信截图_202403071755041720×483 99.8 KB

filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
     Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-03-07 17:50:33 CST; 28s ago
       Docs: https://www.elastic.co/beats/filebeat
   Main PID: 3516 (filebeat)
      Tasks: 8 (limit: 4555)
     Memory: 49.2M
        CPU: 2.623s
     CGroup: /system.slice/filebeat.service
             └─3516 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs >

3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.542+0800","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1114},"messag>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.543+0800","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1143},"messag>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.543+0800","log.origin":{"file.name":"instance/beat.go","file.line":297},"message":"Setup Beat: fileb>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.546+0800","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.lin>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.546+0800","log.logger":"publisher","log.origin":{"file.name":"pipeline/module.go","file.line":113},">
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.547+0800","log.logger":"modules","log.origin":{"file.name":"fileset/modules.go","file.line":120},"me>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.547+0800","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.548+0800","log.logger":"kibana","log.origin":{"file.name":"kibana/client.go","file.line":179},"messa>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.615+0800","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/add_cloud_>
3月 07 17:50:38 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:38.616+0800","log.logger":"kibana","log.origin":{"file.name":"kibana/client.go","file.line":179},"messa>
~

This is my module configuration file

微信截图_20240307175822808×376 66.2 KB

I think it is the filebeat never able to connect to Elasticsearch. Can you show us the configuration of /etc/filebeat/filebeat.yaml? and can you test with command "filebeat test config" and "filebeat test output"

Thanks

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.