HI
New here and new to ELK. We have a 7.4.2 setup in DEV/UAT to evaluate ELK with beats. We are using Logstash to accept all beats traffic and put Nginx in front of Kibana.
For Filebeat, we get "No result found" for sudo and ssh. We do get logs in the "Syslog logs [Filebeat System] ECS" section, but there's no data in the process.name column. We get the full message in the message column such as below but obvious the fields are not processed/filtered.
Any suggestions on what should we test/change?
Thanks
Will
2019-12-01T12:57:01.490432-05:00 dev02 cron[26807]: pam_unix(crond:session): session opened for user john by (uid=0)
2019-12-01T12:57:01.493409-05:00 sdev02 systemd[1]: Created slice User Slice of john.
2019-12-01T12:57:01.495883-05:00 dev02 systemd[1]: Started Session 2729 of user john.
For logstash, we are using example config from the doc.
https://www.elastic.co/guide/en/logstash/6.7/logstash-config-for-filebeat-modules.html#parsing-system