Hi. We are using ELK 7.1 and we are seeing some intermittent logging for a particular appName. When checking Kibana, there were a couple of hours of missed logs yesterday and no log on the 26th. However, there were some logs from other apps. There should have been logs because an error was manually pushed on those times. What could be the issue for this?
Hi. Does anyone know what could be the issue? Thanks!
You have not provided much to go on so it is hard to help. Is there anything in the Elasticsearch logs?
Hi. Yes, we are getting logs on Elasticsearch.
Is there anything of interest in the logs, e.g. errors, warnings or evidence of long or frequent GC?
The one that sticks out to me is this log:
"Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]"
I'm also trying to fix this issue. We have this in the config file (syslog.conf):
input {
syslog {
port => 5044
id => "syslog_id"
}
}
output {
elasticsearch {
hosts => ["000.00.00.01:9200", "000.00.00.02:9200", "000.00.00.03:9200"]
sniffing => true
manage_template => false
index => "ss-logs-%{+YYYY.MM.dd}"
user => "{ES_USER}" password => "{ES_PWD}"
}
}
We're using logstash.keystore. I'm not sure if there are related.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.