Filebeat http endpoint message doesn't show up in Log

This is what I get:

This is my request:

This is my config file:

filebeat.inputs:
  - type: http_endpoint
    enabled: true
    listen_address: filebeat
    listen_port: 8088
    response_code: 200

output.elasticsearch:
  hosts: "${ELASTICSEARCH_HOSTS:elasticsearch:9200}"

setup.kibana:
  hosts: "kibana:5601"

And this is my docker-compose file

version: '2.2'
services:
  apm-server:
    image: docker.elastic.co/apm/apm-server:7.11.0
    depends_on:
      elasticsearch:
        condition: service_healthy
      kibana:
        condition: service_healthy
    cap_add: ["CHOWN", "DAC_OVERRIDE", "SETGID", "SETUID"]
    cap_drop: ["ALL"]
    ports:
    - 8200:8200
    networks:
    - elastic
    command: >
       apm-server -e
         -E apm-server.rum.enabled=true
         -E setup.kibana.host=kibana:5601
         -E setup.template.settings.index.number_of_replicas=0
         -E apm-server.kibana.enabled=true
         -E apm-server.kibana.host=kibana:5601
         -E output.elasticsearch.hosts=["elasticsearch:9200"]
    healthcheck:
      interval: 10s
      retries: 12
      test: curl --write-out 'HTTP %{http_code}' --fail --silent --output /dev/null http://localhost:8200/
  
  filebeat:
    image: docker.elastic.co/beats/filebeat:7.11.0
    depends_on:
      elasticsearch:
        condition: service_healthy
      kibana:
        condition: service_healthy
    cap_add: ["CHOWN", "DAC_OVERRIDE", "SETGID", "SETUID"]
    cap_drop: ["ALL"]
    command: filebeat -e -strict.perms=false
    volumes:
    - ./filebeat.docker.yml:/usr/share/filebeat/filebeat.yml:ro
    networks:
    - elastic
    ports:
    - 8088:8088
    healthcheck:
      interval: 10s
      retries: 12
      test: curl --write-out 'HTTP %{http_code}' --fail --silent --output /dev/null http://localhost:8200/

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.0
    environment:
    - bootstrap.memory_lock=true
    - cluster.name=docker-cluster
    - cluster.routing.allocation.disk.threshold_enabled=false
    - discovery.type=single-node
    - ES_JAVA_OPTS=-XX:UseAVX=2 -Xms1g -Xmx1g
    ulimits:
      memlock:
        hard: -1
        soft: -1
    volumes:
    - esdata:/usr/share/elasticsearch/data
    ports:
    - 9200:9200
    networks:
    - elastic
    healthcheck:
      interval: 20s
      retries: 10
      test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"'

  kibana:
    image: docker.elastic.co/kibana/kibana:7.11.0
    depends_on:
      elasticsearch:
        condition: service_healthy
    environment:
      ELASTICSEARCH_URL: http://elasticsearch:9200
      ELASTICSEARCH_HOSTS: http://elasticsearch:9200
    ports:
    - 5601:5601
    networks:
    - elastic
    healthcheck:
      interval: 10s
      retries: 20
      test: curl --write-out 'HTTP %{http_code}' --fail --silent --output /dev/null http://localhost:5601/api/status

volumes:
  esdata:
    driver: local

networks:
  elastic:
    driver: bridge

Why aren't my log events displaying properly?

Hi @snowfrogdev, welcome to the community!

To be precise, your message is absolutely showing up in Elastic / logs; you are just not seeing it in the log viewer message column.

In the log viewer, it is expecting the message to be in the message field at the root level; yours is in json.message.

Probably 2 ways to fix...

Set the prefix in your filebeat.yml to an empty string; it looks like it defaults to json (docs may be missing that new feature).

prefix: ""
Or
prefix:

Or go to the Settings in the log viewer and add the field json.message to the display.
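
A quick way to confirm where the field landed, as an added example that is not part of the original thread: the Python helper below walks a document's `_source` and reports every path ending in `message`, so a nested `json.message` is told apart from a root-level `message`. The function names and the sample documents are constructed for illustration.

```python
# Added diagnostic example; the sample documents below are constructed.

def field_paths(doc, name, _prefix=""):
    """Return every dotted path in doc whose final key segment equals name."""
    paths = []
    if isinstance(doc, dict):
        for key, value in doc.items():
            path = f"{_prefix}.{key}" if _prefix else key
            # A flattened key such as "json.message" also ends in the name.
            if key.split(".")[-1] == name:
                paths.append(path)
            paths.extend(field_paths(value, name, path))
    elif isinstance(doc, list):
        for item in doc:
            paths.extend(field_paths(item, name, _prefix))
    return paths


def diagnose(source, name="message"):
    """Say whether a root-level field exists and where else it appears."""
    paths = field_paths(source, name)
    if name in paths:
        return f"root '{name}' present"
    if paths:
        found = ", ".join(sorted(set(paths)))
        return f"root '{name}' missing; found at: {found}"
    return f"'{name}' not found anywhere"


# Constructed sample: request body stored under the "json" key.
NESTED = {
    "@timestamp": "2021-02-20T12:00:00.000Z",
    "input": {"type": "http_endpoint"},
    "json": {"message": "hello from curl"},
}

# Constructed sample: the same body stored at the root of the event.
ROOT = {
    "@timestamp": "2021-02-20T12:00:00.000Z",
    "input": {"type": "http_endpoint"},
    "message": "hello from curl",
}

if __name__ == "__main__":
    for label, doc in (("nested", NESTED), ("root", ROOT)):
        print(label, "->", diagnose(doc))
```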
