I'm new to configuring ELK stack. I had it setup without ssl and with ssl and back to without ssl. I did this because I was not able to get apache and mysql to send logs to the elk stack. I tried to send it to output.elasticsearch and could not figure out how to get the logs. I ran the setup and I saw it created the index and had no idea how to pull up the charts for either mysql or apache. I did the same with output.logstash. I noticed that when viewing in discover I see logs and if I'm not running the script filebeat -e I'm not getting any logs. I thought I only needed to setup the service and have it running. does this script need to be running in the background? I would love to be able to produce those nice dashboards shown in the examples.
Actually I run it and it does not log much data.
Maybe I have the configuration file wrong for logstash.
are you sending from Filebeat to Logstash and then on to Elastic, or is Filebeat configured to send directly? (e.g. output.elasticsearch.hosts or cloud.id & cloud.auth vs. output.logstash in the filebeat.yml?
Have you enabled the apache and mysql modules in Filebeat?
Heres a few links to the detailed config options:
Filebeat Elastic Cloud / Elasticsearch output config
Filebeat Module Config
I have an ELK server setup with https.
I setup filebeat, winlogbeat,heartbeat on the elk server.
- This server I'm running
-- filebeat with elasticsearch and logstash modules. all to elastic not logstash
-- heartbeat to elastic not logstash
-- winlogbeat to elastic not logstash
On my WordPress server:
-- Filebeat with apache module to elasticsearch not logstash.
I set this server up following the instructions in kibana, I get to the end "Data successfully received from this module"
I go to apache log dashboard and get this error.
AH00112: Warning: DocumentRoot [D:/Bitnami/wampstack/apache2/docs/dummy-host2.example.com] does not exist
Under discover I see logs from the server, however only from when I ran filebeat.exe -e
I have multiple vhost on this server and would love to see the information for each
I looked at the configuration Basic authentication: and I'm at a lose on how to get that to work. I tried setting up passwords and received on error. I did create the certificate and could not figure out how to use that.
How do you have Elasticsearch deployed? (Elastic Cloud, locally, docker based, via ECE/ECK orchestration?
I figured out the error with dummy-host
I'm running the filbeat.exe -e:
Error fetching fields for index pattern filebeat-* (ID: filebeat-*)
I'm going to start over with a new ELK server
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.