Logs are not reflecting in Kibana

In our ELK environment, we are not seeing any issues on the Elasticsearch and Logstash servers. We can also see that logs are being received on the Logstash side, but they are not reflected in the index on the Kibana side.

Can anyone suggest what the possible reasons for that would be? How can we check whether logs are being received in the Elasticsearch database?

Can anyone offer suggestions on this issue?

You have not provided any details about your cluster or overall configuration so it is very hard for anyone to help. What does the full ingest flow look like? What is the full output of the cluster stats API? Which version of Elasticsearch are you using?


Can you suggest how to search 'syslog' logs through a search query from Dev Tools in Kibana? We are able to see winlogbeat-related logs in the indexes, but syslog logs are not reflected.

Unless you can provide more information as Christian indicated, we are just guessing.

We are getting the below error in Logstash:

Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"azure_event_hub-2021.03.02", :routing=>nil, :_type=>"_doc"}, #LogStash::Event:0x7d41709f], :response=>{"index"=>{"_index"=>"azure_event_hub-2021.03.02", "_type"=>"_doc", "_id"=>"hn7k8XcBxp4QSwaxyn21", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"object mapping for [host] tried to parse field [host] as object, but found a concrete value"}}}}

Kindly suggest.

Can anyone suggest a solution for the above warning error that we are getting in Logstash?

It's telling you that the value that it is trying to insert doesn't match the mapping.
So what's the mapping for that index?

Can you guide me on how I can check the mapping?

GET azure_event_hub-2021.03.02/_mapping

Please format your code/logs/config using the </> button, or markdown style back ticks. It helps to make things easy to read which helps us help you 🙂
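As an added example (not part of any post in this thread), one way to compare the output of the mapping request above with an event and find the object-versus-concrete-value conflict named in the error. The mapping and event are constructed, since the thread shows neither, and the typeless response layout of Elasticsearch 7+ is assumed.

```python
# Added example, not from the thread. Mapping and event below are constructed.
# Assumes the typeless response layout of GET <index>/_mapping (Elasticsearch 7+).
INDEX = "azure_event_hub-2021.03.02"
SAMPLE_MAPPING = {
    INDEX: {"mappings": {"properties": {
        "host": {"properties": {"name": {"type": "keyword"}}},
        "message": {"type": "text"},
    }}}
}
SAMPLE_EVENT = {"host": "fw01.example.internal", "message": "link up"}


def find_conflicts(properties, event, prefix=""):
    """Return paths of fields mapped as objects that carry a concrete value."""
    conflicts = []
    for name, value in event.items():
        spec = properties.get(name)
        if spec is None:
            continue  # unmapped field; dynamic mapping would decide its type
        is_object = "properties" in spec or spec.get("type") in ("object", "nested")
        if not is_object:
            continue  # only the object-vs-concrete case from the error is checked
        path = prefix + name
        # Elasticsearch treats an array as several values of the same field.
        for item in value if isinstance(value, list) else [value]:
            if item is None:
                continue
            if isinstance(item, dict):
                conflicts += find_conflicts(spec.get("properties", {}), item, path + ".")
            else:
                conflicts.append(path)
    return conflicts


def check_event(mapping_response, index, event):
    """Compare one event against the mapping returned for `index`."""
    props = mapping_response[index]["mappings"].get("properties", {})
    return find_conflicts(props, event)


if __name__ == "__main__":
    for field in check_event(SAMPLE_MAPPING, INDEX, SAMPLE_EVENT):
        print(f"[{field}] is mapped as an object but the event has a concrete value")
```
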
