I created elk project(elasticsearch, logstash, kibana and filebeat) for production environment. It’s contained 1 server and 5 filebeat clients. Our developers would like to see some log files from they applications. I used system module, because is no other module close to the application. Kibana in logs view shows the paths to they log files, but no content. I checked syslog and auth.log files, same story. Only message, no content. Maybe Elasticsearch works like this? Can you clarify this, please? Or I have to change something?
Below, what I can see in LOG stream for one of my filebeat client:
Hi, would you be able to share the configuration that you have for your system module? In particular it would be good to see these settings.
Hi Kerry,
Below my configuration files:
root@elk01.DAP:/home/techops# cat elasticsearch.yml
======================== Elasticsearch Configuration =========================
NOTE: Elasticsearch comes with reasonable defaults for most settings.
Before you set out to tweak and tune the configuration, make sure you
understand what are you trying to accomplish and the consequences.
The primary way of configuring a node is via this file. This template lists
the most important settings you may want to configure for a production cluster.
Please consult the documentation for further information on configuration options:
Elasticsearch Reference | Elastic
---------------------------------- Cluster -----------------------------------
Use a descriptive name for your cluster:
#cluster.name: my-application
------------------------------------ Node ------------------------------------
Use a descriptive name for the node:
node.name: elk01.dap.foliofn.com
Add custom attributes to the node:
#node.attr.rack: r1
----------------------------------- Paths ------------------------------------
Path to directory where to store the data (separate multiple locations by comma):
path.data: /var/lib/elasticsearch/data
Path to log files:
path.logs: /var/log/elasticsearch
----------------------------------- Memory -----------------------------------
cat kibana.yml
Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
The default is 'localhost', which usually means remote machines will not be able to connect.
To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "10.70.46.170"
Enables you to specify a path to mount Kibana at if you are running behind a proxy.
Use the server.rewriteBasePath setting to tell Kibana if it should remove the basePath
from requests it receives, and to prevent a deprecation warning at startup.
This setting cannot end in a slash.
#server.basePath: ""
Specifies whether Kibana should rewrite requests that are prefixed with
server.basePath or require that they are rewritten by your reverse proxy.
This setting was effectively always false before Kibana 6.3 and will
default to true starting in Kibana 7.0.
#server.rewriteBasePath: false
The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576
The Kibana server's name. This is used for display purposes.
#server.name: "elk01.dap.foliofn.com"
The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://10.70.46.170:9200"]
When this setting's value is true Kibana uses the hostname specified in the server.host
setting. When the value of this setting is false, Kibana uses the hostname of the host
that connects to this Kibana instance.
elasticsearch.preserveHost: true
Kibana uses an index in Elasticsearch to store saved searches, visualizations and
dashboards. Kibana creates a new index if the index doesn't already exist.
kibana.index: ".kibana"
The default application to load.
Hi Kerry,
Any considerations?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.