Filebeat & NGINX Logs

Hi. I have enabled the filebeat modules enable nginx (and restarted it). I'm hitting the nginx engine (and generating some logs in /var/log/nginx/access.log & error.log) but I am not seeing anything in Elasticsearch. Do I need to add some config in the filebeat.yml file?

Did you follow the documentation and configure the path to your nginx logs? This may be different from the default built into filebeat.

Also, make sure that filebeat is configured correctly to talk to your elasticsearch instance, in particular if you're using X-Pack Security.

Yes I just did thanks, I updated etc/filebeat/modules.d/nginx.yml with my location of the 2 files (standard location /var/log/nginx/*) and then installed these 2 Elasticsearch plugins on all the ES nodes.

sudo /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-user-agent
sudo /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-geoip

Just checked my Nginx error logs [Filebeat Nginx] Dashboard but the error.log has the wrong time. It's in Zulu.

My Cluster + Nginx and Filebeat have all the right time (ntp sync'd).

Performed a full cluster reboot and also upgraded from 6.2.2 --> 6.2.3. It's good now.
