Hey,
I am sending heartbeat and metricbeat logs from host A to Security Onion's logstash. I can see little triangles next to multiple fields. I have refreshed the indexes multiple times (management -> index pattern -> *:logstash-beats-* -> refresh), but it's not working. What am I missing? I am new to all of ELK.
Index Name: *:logstash-beats-*
ELK Version: 6.7.2
Metricbeat & heartbeat version: 6.7.1
The reason it's not updated is because I am using the latest Security Onion ISO.
Kibana Log:
{"type":"response","@timestamp":"2019-06-19T15:26:18Z","tags":[],"pid":1,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"127.0.0.1:5601","origin":"https://10.80.2.220","kbn-version":"6.7.2","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36","content-type":"application/json","accept":"*/*","referer":"https://10.80.2.220/app/kibana","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","x-forwarded-for":"10.90.17.63","x-forwarded-host":"10.80.2.220","x-forwarded-server":"localhost","connection":"Keep-Alive","content-length":"54"},"remoteAddress":"172.17.0.1","userAgent":"172.17.0.1","referer":"https://10.80.2.220/app/kibana"},"res":{"statusCode":200,"responseTime":9,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 9ms - 9.0B"}
{"type":"response","@timestamp":"2019-06-19T15:26:19Z","tags":[],"pid":1,"method":"get","statusCode":200,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=*%3Alogstash-beats-*&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score","method":"get","headers":{"host":"127.0.0.1:5601","accept":"application/json, text/plain, */*","kbn-version":"6.7.2","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36","referer":"https://10.80.2.220/app/kibana","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","x-forwarded-for":"10.90.17.63","x-forwarded-host":"10.80.2.220","x-forwarded-server":"localhost","connection":"Keep-Alive"},"remoteAddress":"172.17.0.1","userAgent":"172.17.0.1","referer":"https://10.80.2.220/app/kibana"},"res":{"statusCode":200,"responseTime":73,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=*%3Alogstash-beats-*&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score 200 73ms - 9.0B"}
{"type":"response","@timestamp":"2019-06-19T15:26:19Z","tags":[],"pid":1,"method":"put","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/AWBLHZaBRuBloj96jvrD","method":"put","headers":{"host":"127.0.0.1:5601","origin":"https://10.80.2.220","kbn-version":"6.7.2","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36","content-type":"application/json","accept":"*/*","referer":"https://10.80.2.220/app/kibana","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9","x-forwarded-for":"10.90.17.63","x-forwarded-host":"10.90.1.115","x-forwarded-server":"localhost","connection":"Keep-Alive","content-length":"181938"},"remoteAddress":"172.17.0.1","userAgent":"172.17.0.1","referer":"https://10.80.2.220/app/kibana"},"res":{"statusCode":200,"responseTime":375,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/AWBLHZaBRuBloj96jvrD 200 375ms - 9.0B"}
Logstash log:
[2019-06-19T14:56:25,409][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]
[2019-06-19T14:56:46,149][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]
[2019-06-19T14:56:50,703][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]
[2019-06-19T14:56:55,628][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]
[2019-06-19T14:57:00,040][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]
[2019-06-19T14:57:03,635][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]
[2019-06-19T14:57:09,424][INFO ][org.elasticsearch.cluster.metadata.MetaDataIndexTemplateService] adding template [kibana_index_template:.kibana] for index patterns [.kibana]
I do not see any errors and I have not made any changes to default indexes. It was added automatically once Elasticsearch started receiving logs from Beats.
Thanks in advance.