Issue to read logs from radsecproxy


we have implemented ELK to visualize eduroam log from radsecproxy. Our system was developed following this guideline GitHub - REANNZ/etcbd-public: eduroam tools container-based deployment - public tools
it was working successfully, but suddenly, I saw kibana showing old data and it stuck showing this old data, even when I deleted the log file and recreated a new one. the system still shows old data. where do these data come from?? and why are not deleted when I empty the log file??
radsecproxy and elk both are on different servers. and the data is transferred using filebeats.

I am new on elk, I am lost, and I don't know where to check and where the logs stopped. Can anyone assist me to identify and solve the issue?


Can you look at the Filebeat logs and see what it is doing?
It also looks like this uses Logstash, so looking at the Logstash logs might help.

the filebeat is in a docker container and I am not able to view logs files.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.