Problem description - since I have installed logstash I am seeing the following in kibana logs -
failed to format message from /var/lib/docker/.containers/xxx-json.log
If I remove logstash and send directly through elasticsearch I do not see these errors in kibana logs. It is also important to note that the data is getting to kibana. For some reason I am seeing errors on some of the output. I will provide a sample at the end of this problem description.
filebeat config: (filebeat 6.8.6)
filebeat:
  [{"paths": ["/var/log/docker/containers//.log*"], "fields": {"environment": "dev", "system": "test", "level": "docker-service"}, "json.keys_under_root": false, "tags": ["docker", "json", "dev"], "multiline": {"negate": true, "pattern": "^\\[|^[0-9]{4}-[0-9]{2}-[0-9]{2}", "match": "after"}, "type": "log"}]
  config.modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false
output:
  logstash:
    hosts: ["dev.logstash1.test:5044", "dev.logstash2.test:5044"]
    loadbalance: true
logstash.config (7.7.0)
input {
  beats {
    port => 5044
    host => "x.x.x.x"
  }
}
output {
  elasticsearch {
    hosts => ["https://dev.logs1.test:9200", "https://dev.logs2.test:9200"]
    ssl_certificate_verification => false
    index => "logstash-app-%{+YYYY.MM.dd}"
  }
}
elasticsearch config
cluster.name: logger
node:
  name: node1
  master: true
  data: true
  ingest: true
path:
  data: /usr/localshare/elasticsearch/applications/elasticsearch/data
  logs: /usr/local/share/applications/elasticsearch/logs
bootstrap.memory_lock: true
network:
  host: localhost
  tcp_keep_alive: true
http:
  port: 9201
  publish_port: 9200
transport:
  host: localhost
  tcp.port: 9301
  publish_host: localhost
  publish_port: 19301
discovery.zen:
  minimum_master_nodes: 2
  ping.unicast.hosts:
    - localhost:19301
    - localhost:19302
    - localhost:19303
Kibana - (6.8.2)
kibana config
server.port: 5601
server.name: "kibana"
elasticsearch.url: "https://dev.logs1.test:9200"
kibana.index: ".kibana"
kibana.defaultAppId: "discover"
server.ssl.enabled: true
server.ssl.certificate: "path_to_cert/cert.pem"
server.ssl.key: "path_to_cert/key.pem"
server.ssl.supportedProtocols: ["TLSv1.2"]
elasticsearch.ssl.certificate: "path_to_cert/cert.pem"
elasticsearch.ssl.key: "path_to_cert/key.pem"
elasticsearch.ssl.verificationMode: none
pid.file: "path_to_pid/kibana.pid"
logging.dest: "/path_to_log/kibana.log"
I have tried with and without the following, with no success -
xpack.infra.sources.fields.massage: ['message', '@message', 'json.message' ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
logging.silent: true
Sample data failing -