I am running ELK 6.2.4 (Elasticsearch, Kibana and Filebeat) on CentOS 7. I see all the logs from /var/log/messages in the Kibana "Discover" window, BUT for some reason the syslog fields are missing in the "available fields" list. Can you please point me to a possible reason for that?
I can supply any needed information; in general I can say that everything was configured by the book, including:
enabling system module
filebeat setup
ingest-geoip plugin installation
Looks like there is something basic that I am missing.
Please note that when running ELK on Ubuntu everything worked fine.
It might be that the field list in the Kibana index pattern needs to be updated. I would first try going to the management app (in the left nav), then clicking on "Index Patterns" under the Kibana subhead. From there, click on the name of the index pattern. You should see a group of buttons in the top right-hand corner of the screen that looks like:
Click the middle button to "refresh" the fields for that index pattern.
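Refreshing the index pattern only re-reads what Elasticsearch already has mapped, so it is worth checking whether the `system.syslog.*` fields exist in the Filebeat index mapping at all. The script below is an added diagnostic, not code from this thread or from Elastic: it walks a constructed, trimmed `GET /filebeat-*/_mapping` response and classifies each index. The `system.syslog.` prefix and the `doc` type name are assumed from the Filebeat 6.x system module layout.

```python
import json

# Constructed sample of a trimmed GET /filebeat-*/_mapping response (ES 6.x still has
# a type level, "doc"). First index went through the module's ingest pipeline; the
# second received raw lines only, so the parsed fields were never mapped.
SAMPLE_MAPPING = json.loads("""{
  "filebeat-6.2.4-2018.05.01": {"mappings": {"doc": {"properties": {
    "message": {"type": "text"},
    "system": {"properties": {"syslog": {"properties": {
      "hostname": {"type": "keyword"},
      "program": {"type": "keyword"}
    }}}}
  }}}},
  "filebeat-6.2.4-2018.05.02": {"mappings": {"doc": {"properties": {
    "message": {"type": "text"},
    "source": {"type": "keyword"}
  }}}}
}""")

def flatten(properties, prefix=""):
    """Walk an Elasticsearch 'properties' tree, yielding dotted field names."""
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:            # object field: recurse into children
            yield from flatten(spec["properties"], path + ".")
        else:
            yield path

def fields_per_index(mapping):
    """Map each index name to the sorted list of its dotted field names."""
    out = {}
    for index, body in mapping.items():
        names = set()
        for doc_type in body["mappings"].values():
            names.update(flatten(doc_type.get("properties", {})))
        out[index] = sorted(names)
    return out

def diagnose(mapping, prefix="system.syslog."):
    """'parsed' if the module fields are mapped, 'raw' if only the unparsed 'message'
    is, 'empty' otherwise. 'raw' means the ingest pipeline did not run on that index."""
    result = {}
    for index, names in fields_per_index(mapping).items():
        if any(n.startswith(prefix) for n in names):
            result[index] = "parsed"
        elif "message" in names:
            result[index] = "raw"
        else:
            result[index] = "empty"
    return result
```

If every index comes back "raw", the index pattern refresh cannot surface the fields; the module's ingest pipeline (loaded by `filebeat setup`) is not being applied on the CentOS host.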
OK, I restarted ELK and eventually managed to do a "refresh" per your example above without any errors, but the problem remains: the syslog fields are not there.