I am trying to pass the log file from the beats to the Elasticsearch.
my problem is that even though the beats harvest the log file from the log directory, there is no update in Elasticsearch index management in Kibana.
The number of docs and the size of storage didn't increase.
it didn't show me any error, so it is hard to figure out what is the problem.
Please leave any comments to solve this question.
program version :
Elasticsearch : 7.6.2
kibana : 7.6.2
logstach : 7.6.2
filebeat : 7.6.2
Data format :
{"time":"2020-06-08T16:03:47Z","count":2.0,"CarModel":"Hyundai I30","location":{"lat":-31.92766,"lon":115.88204}}
It looks like you are sending the data to Logstash and then to Elasticseach. In this, you need to first verify that events are successfully sent to Logstash from Filebeat and then from Logstash to ES.
Do you see any errors in Logstash output?
Could you run Filebeat in debug mode and check that events can be sent to Logstash?
Hi,
First of all, there was no error showed up in Logstash output, it is pretty tough to address it.
But, thankfully, the problem was solved.
The way to solve it is that the log file should has more than one line in each file.
So, I want to ask do you know why does it happen?
Why the Elasticsearch didn't go through the process when the log file has only one line?
I don't really see any reason for this to happen. I would again try to investigate if the log is normally collected and sent by Filebeat to Logstash and then to ES. Where it seems to get stucked?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
