Filebeat doesn't bring me all the logs i need

Alexandros888 · June 11, 2020, 12:19pm

Hello,

I have filebeat and ELK version 7.7.0

I successfully enabled the Elasticsearch module of Filebeat and i can see server and gc logs now in kibana.

Nevertheless i cant see in kibana my gc, audit and deprecation logs.

My configuration and log path files are as the image show below;

What am i doing wrong?
Thank you

warkolm · June 15, 2020, 11:37pm

Please don't post pictures of text, they are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them

Alexandros888 · June 16, 2020, 6:44am

Hello Mark,

Thank you for the info i also include now the content of my yaml file for elasticsearch module:

# Module: elasticsearch
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.7/filebeat-module-elasticsearch.html

- module: elasticsearch
  # Server log
  server:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths:
     - /var/log/elasticsearch/*_server.json

  gc:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:

  audit:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths:
     - /var/log/elasticsearch/*_audit.json

  slowlog:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths:
     - /var/log/elasticsearch/*_index_search_slowlog.json
     - /var/log/elasticsearch/*_index_indexing_slowlog.json

  deprecation:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths:
     - /var/log/elasticsearch/*_deprecation.json

and the kind of logs that i have in the path: /var/log/elasticsearch

have the following names:

SAG-TEST_audit.json
SAG-TEST_audit.log
SAG-TEST_deprecation.json
SAG-TEST_deprecation.log
SAG-TEST_index_indexing_slowlog.json
SAG-TEST_index_indexing_slowlog.log
SAG-TEST_index_search_slowlog.json
SAG-TEST_index_search_slowlog.log
SAG-TEST.log
SAG-TEST_server.json

Any help?

Thank you

Alexandros888 · June 22, 2020, 9:37am

Hello any possible news on that one ?

thank you

system · July 20, 2020, 11:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.