Filebeats + nginx problem

Elastic Stack Beats
1

Hello,

Im new in ELK and i want run that concept:

Nginx -> logstash -> Elastic -> Kibana
(Standard ELK)

But when i try config all i have that problem:

When i run:

filebeat setup -e:

2018-07-27T13:58:10.146Z	ERROR	instance/beat.go:691	Exiting: Error getting config for fileset nginx/access: Error interpreting the template of the input: template: text:3:22: executing "text" at <.paths>: range can't iterate over /var/log/nginx/access.log
Exiting: Error getting config for fileset nginx/access: Error interpreting the template of the input: template: text:3:22: executing "text" at <.paths>: range can't iterate over /var/log/nginx/access.log

Thats is my nginx.yml from modules.d

  • module: nginx

    Access logs

    access:
    enabled: true

    Set custom paths for the log files. If left empty,

    Filebeat will choose the paths depending on your OS.

    var.paths: /var/log/nginx/access.log

    Error logs

    error:
    enabled: true

    Set custom paths for the log files. If left empty,

    Filebeat will choose the paths depending on your OS.

    var.paths: /var/log/nginx/error.log

And my logstash config:
input {
beats {
port => 5400
}
}

filter {
 grok {
   match => [ "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}"]
   overwrite => [ "message" ]
 }
 mutate {
   convert => ["response", "integer"]
   convert => ["bytes", "integer"]
   convert => ["responsetime", "float"]
 }
 geoip {
   source => "clientip"
   target => "geoip"
   add_tag => [ "nginx-geoip" ]
 }
 date {
   match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
   remove_field => [ "timestamp" ]
 }
 useragent {
   source => "agent"
 }
}

output {
 elasticsearch {
   hosts => ["xxx.xxx.xxx.xxx:9200"]
   index => "weblogs-%{+YYYY.MM.dd}"
   document_type => "nginx_logs"
 }
 stdout { codec => rubydebug }
}

Someone can help please?

2

be sure you have enabled the ngnix module

./filebeat modules enable nginx

link inspiration

3

Thanks for answer!

Yeah i have enabled nginx module:
Enabled:
nginx

Disabled:
apache2
auditd
icinga
iis
kafka
logstash
mongodb
mysql
osquery
postgresql
redis
system
traefik

4 
./filebeat -e
5

filebeat -e

2018-07-27T14:51:01.054Z ERROR instance/beat.go:691 Exiting: Error getting config for fileset nginx/error: Error interpreting the template of the input: template: text:3:22: executing "text" at <.paths>: range can't iterate over /var/log/nginx/error.log
Exiting: Error getting config for fileset nginx/error: Error interpreting the template of the input: template: text:3:22: executing "text" at <.paths>: range can't iterate over /var/log/nginx/error.log

Did you maybe have another suggest/idea? :confused:

6 
- module: nginx
  access:
      enabled: true
      var.paths: ["/var/log/nginx/access.log"]
  error:
      enabled: true
      var.paths: ["/var/log/nginx/error.log"]
7

Thanks for another idea. I change nginx.yml like that you send and i see nothing - maybe filebeat work and i must wait a while.

When i get a any output i send that here :slight_smile:

8

yes indeed, he must write at the log level.

try to access your ngnix server. you will see a few things

9

Thanks For info :slight_smile: i wait for some output. if i get any info i post that

10

Now is nothing happened. When i run filebeat -e i have black screen and i dont get error/info etc :confused: nothing happend too with kibana.

11

let it go and go to kibana / dasborad / chose filebeat-ngnix

12

Nothing - 0 output, in kibana i see only

No data to display for the selected metrics

No results displayed because all values equal 0.

Operating systems breakdown [Filebeat Nginx]

When i choice

13

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.