How can I confirm elasticsearch is receiving data?


#1

I recently updated my log shipper (Filebeat) from 1.x to 5.x. After the upgrade, Kibana has stopped showing any new data. I turned on debug mode on Filebeat and confirmed that its able to connect to my ES cluster and that it is able to flush the data out.

I want to confirm whether or not ES is actually receiving it, but I'm not sure how. Is there anyway to do so?


(Alexander Reelsen) #2

Hey,

use the cat API to find out if indices with current timestamps are created or the document count of existing indices changes.

If that is not the case, the data is not received on the elasticsearch side, and you might want to use tools like netstat to find out if there are open network connections between the filebeat host and elasticsearch - but check the indices first.

Also dont forget the filebeat output, maybe you spot an error there.

--Alex


(system) #3