I am having some trouble understanding getting the default dashboards for Filebeat's Logstash module working.
I see Filebeat shipping data. I see that ElasticSearch has indexes for filebeat. I can search it using the DevTools tab. I can see it in the visualization tab under the filebeat-* index. I can even see my app logs from the source hosts in the Logs tab of Kibana.
But when I go to Dashboards and select "Dashboard Logstash Logs [Filebeat Logstash]" all the visualizations report that there is no data.
One other thing about this, I used the instructions from the Kibana instance home page for setting up filebeat. The last thing it gives you is a button that "Check that data is received from the Filebeat logstash module". This is the result pressing that button "No data has been received from this module yet".
This is based on a misunderstanding on my part. From the docs in Kibana I had assumed that the log stash module had to be enabled, which led me to assume the dashboards will be loaded. But it turns out that filebeat will happily ingest any logs defined in paths: and then you have to build your own dashboard from the filebeat-* index
Hi Pier, thanks for the response. I have basically got my problem sorted out by using a custom dashboard. From any one host in our systems I need to ingest Nginx logs, Logback logs, and custom application logs.
The Nginx logs work great, and i just use the Filebeat module.
The logback logs work as well, I have defined paths and multiline processing directives in filebeat.yml
The custom application logs are working as well, also defined directives in filebeat.yml
So I believe all is working correctly. I am having some parsing issues with Grok to work through, but i was going to make another post about that.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.