Installed filebeat on next server, but I can't see any data in Kibana

Elastic Stack Beats
1

Hi,

weeks ago I installed ElasticSearch, Logstash, Kibana and Filebeat on same server. It wors fine. Filebeat I'm using for syslog, nginx and postgresql monitoring.

Today installed Filebeat on other server. I don't see any error, data will be sended to the ElasticSearch on other sever (there is no error) but I can't see them in Kibana.

Okt 31 01:54:11 nuc-mini-data-server systemd[1]: Started Filebeat sends log files to Logstash or directly to Elasticsearch..
[Sa Okt 31][01:54:39][xxx]@[nuc-mini-data-server]:[~]$ elk_f_status
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
     Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2020-10-31 01:54:11 CET; 28s ago
       Docs: https://www.elastic.co/products/beats/filebeat
   Main PID: 49763 (filebeat)
      Tasks: 13 (limit: 38276)
     Memory: 84.8M
     CGroup: /system.slice/filebeat.service
             └─49763 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.log>

Okt 31 01:54:11 nuc-mini-data-server systemd[1]: Started Filebeat sends log files to Logstash or directly to Elasticsearch..
[Sa Okt 31][01:57:15][xxx]@[nuc-mini-data-server]:[~]$ elk_f_status
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
     Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2020-10-31 01:54:11 CET; 3min 4s ago
       Docs: https://www.elastic.co/products/beats/filebeat
   Main PID: 49763 (filebeat)
      Tasks: 13 (limit: 38276)
     Memory: 89.8M
     CGroup: /system.slice/filebeat.service
             └─49763 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.log>

Okt 31 01:54:11 nuc-mini-data-server systemd[1]: Started Filebeat sends log files to Logstash or directly to Elasticsearch..
Okt 31 01:54:41 nuc-mini-data-server systemd-journald[7964]: Suppressed 852193 messages from filebeat.service
Okt 31 01:54:41 nuc-mini-data-server filebeat[49763]: 2020-10-31T01:54:41.231+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metri>
Okt 31 01:55:11 nuc-mini-data-server filebeat[49763]: 2020-10-31T01:55:11.234+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metri>
Okt 31 01:55:41 nuc-mini-data-server filebeat[49763]: 2020-10-31T01:55:41.231+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metri>
Okt 31 01:56:11 nuc-mini-data-server filebeat[49763]: 2020-10-31T01:56:11.231+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metri>
Okt 31 01:56:41 nuc-mini-data-server filebeat[49763]: 2020-10-31T01:56:41.233+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metri>
Okt 31 01:57:11 nuc-mini-data-server filebeat[49763]: 2020-10-31T01:57:11.231+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metri>
[

filebeat.yml:

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]
  hosts: ["192.168.178.32:9200"]

Telnet to the IP is working. I switched the output to Logstash. It's working, but I can't see any data. When I stopp filebeat on the first server, than the syslog view in Kibana is than empty.

Any idea what I'm doing wrong?

Regards,
Rafal

2

It was the timezone!!! Data was sended but ...

After the fix it works. But the new filebeat is sending a lot of data to elasticsearch. I disabled it at the moment, cause no time for evaluation.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.