Filebeat data stream not updated

star2 · March 7, 2024, 9:57am

I use filebeat to collect Suricata's JSON files，But the data stream display of FileBeat never updates,The logs I saw did not show any errors either

filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
     Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-03-07 17:50:33 CST; 28s ago
       Docs: https://www.elastic.co/beats/filebeat
   Main PID: 3516 (filebeat)
      Tasks: 8 (limit: 4555)
     Memory: 49.2M
        CPU: 2.623s
     CGroup: /system.slice/filebeat.service
             └─3516 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs >

3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.542+0800","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1114},"messag>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.543+0800","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1143},"messag>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.543+0800","log.origin":{"file.name":"instance/beat.go","file.line":297},"message":"Setup Beat: fileb>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.546+0800","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.lin>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.546+0800","log.logger":"publisher","log.origin":{"file.name":"pipeline/module.go","file.line":113},">
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.547+0800","log.logger":"modules","log.origin":{"file.name":"fileset/modules.go","file.line":120},"me>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.547+0800","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":145},"message>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.548+0800","log.logger":"kibana","log.origin":{"file.name":"kibana/client.go","file.line":179},"messa>
3月 07 17:50:36 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:36.615+0800","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/add_cloud_>
3月 07 17:50:38 star-virtual-machine filebeat[3516]: {"log.level":"info","@timestamp":"2024-03-07T17:50:38.616+0800","log.logger":"kibana","log.origin":{"file.name":"kibana/client.go","file.line":179},"messa>
~

star2 · March 7, 2024, 9:59am

This is my module configuration file

larryed · March 9, 2024, 4:42am

I think it is the filebeat never able to connect to Elasticsearch. Can you show us the configuration of /etc/filebeat/filebeat.yaml? and can you test with command "filebeat test config" and "filebeat test output"

Thanks

system · April 6, 2024, 6:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.