Log was not appeared in elastic search and kibana

I want see my go language application logs in kibana. So, I installed elastic search, logstach, kibana and file beat. But, not able see my logs in kibana. what can do.

Hi @vinodh023,

Have you set the same path in filebeat/logstash to get the logs on kibana dashboard??

If you have set and facing any issue you can share you config file and log here so that i can see the issue and provide some solution on that.

Br,
Harsh Bajaj

How can I set path in filebeat/lgostach ?. Path means can set any port number or go language src folder name? Thank you.

Ho @vinodh023,

Yes, These both are possible.

For path only:
Go to filebeat.yml file available in /etc/filebeat/ folder and set prospector setting and configure the elasticsearch or logstash o/p to send that logs and configure the kibana with elasticsearch in /etc/kibana/kibana.yml file and restart all service and you will get all logs on kibana dashboard.

If you want to go with port you can use logstashh i/p plugin for the same.

Br,
Harsh Bajaj

**My file beat like this** :

Filebeat Configuration Example

https://www.elastic.co/guide/en/beats/filebeat/index.html

#=========================== Filebeat inputs =============================

filebeat.inputs:

Each - is an input. Most options can be set at the input level, so

you can use different inputs for various configurations.

Below are the input specific configurations.

  • type: log

    Change to true to enable this input configuration.

    enabled: true

    Paths that should be crawled and fetched. Glob based paths.

    paths:

    • /var/log/*.log
      #- c:\programdata\elasticsearch\logs*

    Exclude lines. A list of regular expressions to match. It drops the lines that are

    matching any regular expression from the list.

    #exclude_lines: ['^DBG']

    Include lines. A list of regular expressions to match. It exports the lines that are

    matching any regular expression from the list.

    #include_lines: ['^ERR', '^WARN']

    Exclude files. A list of regular expressions to match. Filebeat drops the files that

    are matching any regular expression from the list. By default, no files are dropped.

    #exclude_files: ['.gz$']

    Optional additional fields. These fields can be freely picked

    to add additional information to the crawled log files for filtering

    #fields:

    level: debug

    review: 1

    Multiline options

    Multiline can be used for log messages spanning multiple lines. This is common

    for Java Stack Traces or C-Line Continuation

    The regexp Pattern that has to be matched. The example pattern matches all lines starting with [

    #multiline.pattern: ^[

    Defines if the pattern set under pattern should be negated or not. Default is false.

    #multiline.negate: false

    Match can be set to "after" or "before". It is used to define if lines should be append to a pattern

    that was (not) matched before or after or as long as a pattern is not matched based on negate.

    Note: After is the equivalent to previous and before is the equivalent to to next in Logstash

    #multiline.match: after

#============================= Filebeat modules ===============================

filebeat.config.modules:

Glob pattern for configuration loading

path: ${path.config}/modules.d/*.yml

Set to true to enable config reloading

reload.enabled: false

Period on which files under path should be checked for changes

#reload.period: 10s

#==================== Elasticsearch template setting ==========================

setup.template.settings:
index.number_of_shards: 3
#index.codec: best_compression
#_source.enabled: false

#================================ General =====================================

The name of the shipper that publishes the network data. It can be used to group

all the transactions sent by a single shipper in the web interface.

#name:

The tags of the shipper are included in their own field with each

transaction published.

#tags: ["service-X", "web-tier"]

Optional fields that you can specify to add additional information to the

output.

#fields:

env: staging

#============================== Dashboards =====================================

These settings control loading the sample dashboards to the Kibana index. Loading

the dashboards is disabled by default and can be enabled either by setting the

options here, or by using the -setup CLI flag or the setup command.

#setup.dashboards.enabled: false

The URL from where to download the dashboards archive. By default this URL

has a value which is computed based on the Beat name and version. For released

versions, this URL points to the dashboard archive on the artifacts.elastic.co

website.

#setup.dashboards.url:

#============================== Kibana =====================================

Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.

This requires a Kibana endpoint configuration.

setup.kibana:

Kibana Host

Scheme and port can be left out and will be set to the default (http and 5601)

In case you specify and additional path, the scheme is required: http://localhost:5601/path

IPv6 addresses should always be defined as: https://[2001:db8::1]:5601

#host: "localhost:5601"

Kibana Space ID

ID of the Kibana Space into which the dashboards should be loaded. By default,

the Default Space will be used.

#space.id:

#============================= Elastic Cloud ==================================

These settings simplify using filebeat with the Elastic Cloud (https://cloud.elastic.co/).

The cloud.id setting overwrites the output.elasticsearch.hosts and

setup.kibana.host options.

You can find the cloud.id in the Elastic Cloud web UI.

#cloud.id:

The cloud.auth setting overwrites the output.elasticsearch.username and

output.elasticsearch.password settings. The format is <user>:<pass>.

#cloud.auth:

#================================ Outputs =====================================

Configure what output to use when sending the data collected by the beat.

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:

Array of hosts to connect to.

#hosts: ["localhost:9200"]

Enabled ilm (beta) to use index lifecycle management instead daily indices.

#ilm.enabled: false

Optional protocol and basic auth credentials.

#protocol: "https"
#username: "elastic"
#password: "changeme"

#----------------------------- Logstash output --------------------------------
output.logstash:

The Logstash hosts

hosts: ["localhost:5044"]

Optional SSL. By default is off.

List of root certificates for HTTPS server verifications

#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

Certificate for SSL client authentication

#ssl.certificate: "/etc/pki/client/cert.pem"

Client Certificate Key

#ssl.key: "/etc/pki/client/cert.key"

#================================ Processors =====================================

Configure processors to enhance or manipulate events generated by the beat.

processors:

  • add_host_metadata: ~
  • add_cloud_metadata: ~

At debug level, you can selectively enable logging only for some components.

To enable all selectors use ["*"]. Examples of other selectors are "beat",

"publish", "service".

#logging.selectors: ["*"]

#xpack.monitoring.elasticsearch:

is this Okay?

I executed code like

and output seen in kibana like

but, not able to see my log.

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.
Please update your post.

Please don't post images of text as they are hardly readable and not searchable.

Instead paste the text and format it with </> icon. Check the preview window.

Hi @vinodh023,
First, you need to specify the log file path in below section.
quote=""]
/var/log/*.log
[/quote]

After that you need to configure elasticsearch as o/p in below section uncomment and provide IP and port and restart the service.

Br,
Harsh Bajaj

Hi, I un commented the
hosts: ["localhost:9200"]
How can i specify log file path?

paths:
- /var/log/*.log
#- c:\programdata\elasticsearch\logs*

instead of * - /var/log/*.log can I add any value like - /var/log/golanglog.log

Can you give any reference tutorial or any example related to go language?

Hi @vinodh023,
i Understood you are using logstash as o/p.

Yes you can specify the same and restart filebeat service.

Br,
Harsh Bajaj

Hi @vinodh023,

This is not only for Go lang you can specify any path as you asked in above query and filebeat will send this log to your logstash directly.

I think restart commands like

sudo /etc/initi.d/filebeat start
sudo /etc/initi.d/filebeat stop
sudo /etc/initi.d/filebeat restart

Okay Can I keep these file without any changes?

paths:

  • /var/log/.log
    #- c:\programdata\elasticsearch\logs

I used this command : sudo service filebeat restart. but no changes effected.

You didn't specify any path in below section.

Br,
Harsh Bajaj

What i kept there?

You need to add file path like below.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.