Hi,
I am new to ELK and IT field started as a devops recently so you can consider me being a complete noob.
I am having trouble setting up the filebeat nginx dashboard.
deployed the ELK on Kubernetes cluster, using the nginx ingress, I can see the logs coming but it doesn't include the GEOIP in fields, i have used the ingest pipeline as suggested in the link Enrich events with geoIP information | Filebeat Reference [7.17] | Elastic but still it doesn't work .
However It works fine if i use the logstash as the output with filter, then geo.location is detected and i can see the geo.location on map but the dashboard couldn't find the filebeat index and using setup.dashboards.index: "logstash-*" still wont work. it still looks for filebeat index
attaching the configmap for reference
filebeat.yml: |-
setup.dashboards.enabled: true
setup.template.settings:
index.number_of_shards: 1
filebeat.autodiscover:
providers:
- type: kubernetes
node: ${NODE_NAME}
hints.enabled: true
templates:
- config:
- type: container
paths:
- /var/lib/docker/containers/*/${data.kubernetes.container.id}-json.log
exclude_lines: ["^\\s+[\\-`('.|_]"]
processors:
- drop_event.when.not.or:
- equals.kubernetes.namespace: "ingress-nginx"
processors:
- add_cloud_metadata:
- add_host_metadata:
- add_docker_metadata:
- add_kubernetes_metadata:
output.elasticsearch:
hosts: elasticsearch.kube-logging:9200
pipeline: geoip-info
#output.logstash:
#hosts: logstash-service.kube-logging:5044
setup.kibana.host: "kibana-np.kube-logging.svc.cluster.local"
setup.kibana.protocol: "http"
setup.dashboards.index: "logstash-*"
any help will be greatly appreciated if someone can help me point out what i am doing wrong.
Thanks