Filebeat doesn't bring me all the logs i need

Alexandros888 · June 11, 2020, 12:19pm

Hello,

I have filebeat and ELK version 7.7.0

I successfully enabled the Elasticsearch module of Filebeat and i can see server and gc logs now in kibana.

Nevertheless i cant see in kibana my gc, audit and deprecation logs.

My configuration and log path files are as the image show below;

What am i doing wrong?
Thank you

warkolm · June 15, 2020, 11:37pm

Please don't post pictures of text, they are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them

Alexandros888 · June 16, 2020, 6:44am

Hello Mark,

Thank you for the info i also include now the content of my yaml file for elasticsearch module:

# Module: elasticsearch
# Docs: https://www.elastic.co/guide/en/beats/filebeat/7.7/filebeat-module-elasticsearch.html

- module: elasticsearch
  # Server log
  server:
    enabled: true

    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths:
     - /var/log/elasticsearch/*_server.json

  gc:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    #var.paths:

  audit:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths:
     - /var/log/elasticsearch/*_audit.json

  slowlog:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths:
     - /var/log/elasticsearch/*_index_search_slowlog.json
     - /var/log/elasticsearch/*_index_indexing_slowlog.json

  deprecation:
    enabled: true
    # Set custom paths for the log files. If left empty,
    # Filebeat will choose the paths depending on your OS.
    var.paths:
     - /var/log/elasticsearch/*_deprecation.json

and the kind of logs that i have in the path: /var/log/elasticsearch

have the following names:

SAG-TEST_audit.json
SAG-TEST_audit.log
SAG-TEST_deprecation.json
SAG-TEST_deprecation.log
SAG-TEST_index_indexing_slowlog.json
SAG-TEST_index_indexing_slowlog.log
SAG-TEST_index_search_slowlog.json
SAG-TEST_index_search_slowlog.log
SAG-TEST.log
SAG-TEST_server.json

Any help?

Thank you

Alexandros888 · June 22, 2020, 9:37am

Hello any possible news on that one ?

thank you

system · July 20, 2020, 11:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Don’t see logs in kibana stack monitoring Kibana elastic-stack-monitoring	22	1708	September 30, 2022
Don't see logs in kibana stack montoring Kibana	3	908	December 4, 2020
Kibana cant find Filebeat index Pattern Beats filebeat	20	5117	July 1, 2019
Cannot see logs in Elasticsearch configured through Filebeat Beats	4	859	February 22, 2019
"No logs for this cluster" Elasticsearch elastic-stack-monitoring	16	937	February 15, 2023

Filebeat doesn't bring me all the logs i need

Related topics