Filebeats only sends logs when I have filebeat -e running

plegault · August 15, 2020, 9:45am

I'm new to configuring ELK stack. I had it setup without ssl and with ssl and back to without ssl. I did this because I was not able to get apache and mysql to send logs to the elk stack. I tried to send it to output.elasticsearch and could not figure out how to get the logs. I ran the setup and I saw it created the index and had no idea how to pull up the charts for either mysql or apache. I did the same with output.logstash. I noticed that when viewing in discover I see logs and if I'm not running the script filebeat -e I'm not getting any logs. I thought I only needed to setup the service and have it running. does this script need to be running in the background? I would love to be able to produce those nice dashboards shown in the examples.

plegault · August 15, 2020, 9:52am

Actually I run it and it does not log much data.

plegault · August 15, 2020, 9:53am

Maybe I have the configuration file wrong for logstash.

Dain.Perkins · August 18, 2020, 3:15pm

Hi @plegault,

are you sending from Filebeat to Logstash and then on to Elastic, or is Filebeat configured to send directly? (e.g. output.elasticsearch.hosts or cloud.id & cloud.auth vs. output.logstash in the filebeat.yml?

Have you enabled the apache and mysql modules in Filebeat?

Heres a few links to the detailed config options:

Filebeat Elastic Cloud / Elasticsearch output config
- https://www.elastic.co/guide/en/beats/filebeat/current/configure-cloud-id.html
- https://www.elastic.co/guide/en/beats/filebeat/current/elasticsearch-output.html
Filebeat Module Config
- https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-apache.html
- https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-mysql.html

Thanks
-d

plegault · August 18, 2020, 4:42pm

Hi Dain,
I have an ELK server setup with https.
I setup filebeat, winlogbeat,heartbeat on the elk server.

This server I'm running
-- filebeat with elasticsearch and logstash modules. all to elastic not logstash
-- heartbeat to elastic not logstash
-- winlogbeat to elastic not logstash
On my WordPress server:
-- Filebeat with apache module to elasticsearch not logstash.
I set this server up following the instructions in kibana, I get to the end "Data successfully received from this module"

I go to apache log dashboard and get this error.
AH00112: Warning: DocumentRoot [D:/Bitnami/wampstack/apache2/docs/dummy-host2.example.com] does not exist

Under discover I see logs from the server, however only from when I ran filebeat.exe -e

I have multiple vhost on this server and would love to see the information for each

plegault · August 18, 2020, 4:47pm

I looked at the configuration Basic authentication: and I'm at a lose on how to get that to work. I tried setting up passwords and received on error. I did create the certificate and could not figure out how to use that.

Dain.Perkins · August 18, 2020, 5:03pm

@plegault

How do you have Elasticsearch deployed? (Elastic Cloud, locally, docker based, via ECE/ECK orchestration?

Dain.Perkins · August 18, 2020, 5:09pm

Phil,

plegault · August 18, 2020, 5:34pm

Locally
I figured out the error with dummy-host

I'm running the filbeat.exe -e:
getting
Error fetching fields for index pattern filebeat-* (ID: filebeat-*)

Conflict

plegault · August 18, 2020, 5:45pm

Locally

plegault · August 19, 2020, 11:58am

@Dain.Perkins
I'm going to start over with a new ELK server

system · September 16, 2020, 1:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.