Kibana in logs view shows the paths to they log files, but no content

I created elk project(elasticsearch, logstash, kibana and filebeat) for production environment. It’s contained 1 server and 5 filebeat clients. Our developers would like to see some log files from they applications. I used system module, because is no other module close to the application. Kibana in logs view shows the paths to they log files, but no content. I checked syslog and auth.log files, same story. Only message, no content. Maybe Elasticsearch works like this? Can you clarify this, please? Or I have to change something?
Below, what I can see in LOG stream for one of my filebeat client:

Hi, would you be able to share the configuration that you have for your system module? In particular it would be good to see these settings.

Hi Kerry,

Below my configuration files:

root@elk01.DAP:/home/techops# cat elasticsearch.yml

======================== Elasticsearch Configuration =========================

NOTE: Elasticsearch comes with reasonable defaults for most settings.

Before you set out to tweak and tune the configuration, make sure you

understand what are you trying to accomplish and the consequences.

The primary way of configuring a node is via this file. This template lists

the most important settings you may want to configure for a production cluster.

Please consult the documentation for further information on configuration options:

Elasticsearch Reference | Elastic

---------------------------------- Cluster -----------------------------------

Use a descriptive name for your cluster:

#cluster.name: my-application

------------------------------------ Node ------------------------------------

Use a descriptive name for the node:

node.name: elk01.dap.foliofn.com

Add custom attributes to the node:

#node.attr.rack: r1

----------------------------------- Paths ------------------------------------

Path to directory where to store the data (separate multiple locations by comma):

path.data: /var/lib/elasticsearch/data

Path to log files:

path.logs: /var/log/elasticsearch

----------------------------------- Memory -----------------------------------

cat kibana.yml

Kibana is served by a back end server. This setting specifies the port to use.

server.port: 5601

Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.

The default is 'localhost', which usually means remote machines will not be able to connect.

To allow connections from remote users, set this parameter to a non-loopback address.

server.host: "10.70.46.170"

Enables you to specify a path to mount Kibana at if you are running behind a proxy.

Use the server.rewriteBasePath setting to tell Kibana if it should remove the basePath

from requests it receives, and to prevent a deprecation warning at startup.

This setting cannot end in a slash.

#server.basePath: ""

Specifies whether Kibana should rewrite requests that are prefixed with

server.basePath or require that they are rewritten by your reverse proxy.

This setting was effectively always false before Kibana 6.3 and will

default to true starting in Kibana 7.0.

#server.rewriteBasePath: false

The maximum payload size in bytes for incoming server requests.

#server.maxPayloadBytes: 1048576

The Kibana server's name. This is used for display purposes.

#server.name: "elk01.dap.foliofn.com"

The URLs of the Elasticsearch instances to use for all your queries.

elasticsearch.hosts: ["http://10.70.46.170:9200"]

When this setting's value is true Kibana uses the hostname specified in the server.host

setting. When the value of this setting is false, Kibana uses the hostname of the host

that connects to this Kibana instance.

elasticsearch.preserveHost: true

Kibana uses an index in Elasticsearch to store saved searches, visualizations and

dashboards. Kibana creates a new index if the index doesn't already exist.

kibana.index: ".kibana"

The default application to load.

Hi Kerry,

Any considerations?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.