And some of the dashboards show metrics/logs, however they also show errors like:
Field logstash.host.name was not found.
Field logstash.pipeline.total.events.in was not found.
Fields logstash.pipeline.total.time.duration.ms, logstash.pipeline.total.events.out were not found.
Field logstash.pipeline.plugin.input.events.out was not found.
etc.
Thanks @Abdarrahmane quite the detailed guide!
My problem is mainly that everything seems to be running, however the Logstash server does not appear in the Stack Monitoring dashboard. The agent is sending metrics, I see logs and metrics of the Logstash server coming in, but I still can't monitor the server, dashboards are broken, etc.
Regarding the Logstash integration settings, please make sure that:
Make sure that Metrics (Stack Monitoring) is turned on, and Metrics (Technical Preview) is turned off, if you want to collect metrics from your Logstash instance
Under Metrics (Stack Monitoring), make sure the hosts setting points to your Logstash host URLs. By default, the integration collects Logstash monitoring metrics from localhost:9600. If that host and port number are not correct, update the hosts setting. If you configured Logstash to use encrypted communications, you must access it via HTTPS. For example, use a hosts setting like https://localhost:9600.
For the user: use a user with the remote_monitoring_collector role
For the SSL configuration use: verification_mode: none (for test)
If all of this checks out and you're still getting that problem, then the solution currently, in my humble opinion, is monitoring using Metricbeat.
What I usually do is:
1- Set up monitoring using the legacy way: Monitoring Logstash (legacy) | Logstash Reference [8.15] | Elastic
Write a pipeline and then go to Stack Monitoring to verify the appearance of my Logstash node and monitor it.
Here is an example of my conf files while monitoring with Metricbeat:
logstash.yml
#xpack.monitoring.enabled: true # true if you are using legacy monitoring
monitoring.enabled: false # false if you are using Metricbeat monitoring
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: password
xpack.monitoring.elasticsearch.hosts: ["https://x.x.x.x:9200", "https://x.x.x.x:9200"] # coordinating-only nodes or data nodes
xpack.monitoring.elasticsearch.ssl.certificate_authority: /etc/logstash/certs/elasticsearch-ca.pem
xpack.monitoring.elasticsearch.ssl.verification_mode: full
#xpack.monitoring.elasticsearch.ssl.verification_mode: none # use it to test; comment out .ssl.certificate and .ssl.key
xpack.monitoring.elasticsearch.ssl.certificate: /etc/logstash/certs/Logstash-1.crt
xpack.monitoring.elasticsearch.ssl.key: /etc/logstash/certs/Logstash-1.key
metricbeat.yml
# =================================== Kibana ===================================
setup.kibana:
  host: "https://x.x.x.x:5601"
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  # IP addresses of the coordinating nodes if you have any, otherwise the data nodes
  hosts: ["https://x.x.x.x:9200", "https://x.x.x.x:9200"]
  preset: balanced
  protocol: "https"
  username: "remote_monitoring_user"
  password: "password"
  ssl.certificate_authorities: ["/etc/metricbeat/elasticsearch-ca.pem"]
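As an added example (not part of the original posts and not Elastic code): a small Python check that flags the settings in configs like the two above that should not survive past testing, namely `verification_mode: none`, plaintext `http://` hosts, and literal passwords instead of keystore `${...}` references. The sample config, the function names and the variable name `LS_MON_PWD` are constructed for illustration, and the parser only handles simple `key: value` lines.

```python
import re

# Constructed sample: logstash.yml-style settings like those in the post above,
# with the "test only" TLS shortcut and one plaintext host left in place.
SAMPLE = """\
monitoring.enabled: false # Metricbeat collects the metrics
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: password
xpack.monitoring.elasticsearch.hosts: ["https://x.x.x.x:9200", "http://x.x.x.x:9200"]
xpack.monitoring.elasticsearch.ssl.verification_mode: none
#xpack.monitoring.elasticsearch.ssl.verification_mode: full
"""

def parse_settings(text):
    """Yield (line_no, key, value) for simple `key: value` lines, skipping comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        # Drop a trailing "  # comment" from the value.
        value = re.sub(r"\s+#.*$", "", value).strip()
        yield no, key.strip(), value

def audit(text):
    """Return (line_no, key, finding) tuples for risky monitoring settings."""
    findings = []
    for no, key, value in parse_settings(text):
        bare = value.strip("\"'")
        leaf = key.split(".")[-1]
        if leaf == "verification_mode" and bare == "none":
            findings.append((no, key, "TLS certificate verification disabled"))
        elif leaf == "password" and bare and not re.fullmatch(r"\$\{[^}]+\}", bare):
            findings.append((no, key, "literal password; use a keystore ${...} reference"))
        elif leaf in ("host", "hosts") and "http://" in value:
            findings.append((no, key, "plaintext http:// endpoint"))
    return findings

if __name__ == "__main__":
    for no, key, finding in audit(SAMPLE):
        print(f"line {no}: {key}: {finding}")
```

The same `audit()` call works on a metricbeat.yml, since indented keys such as `password` and `hosts` are matched by their last path segment.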
Thanks @Abdarrahmane, your reply came in time to pull me out of the rabbit hole and switch from the agent to old fashioned xpack.monitoring. I do see Logstash in the Stack Monitoring screen now and it seems most metrics and logs are coming in too (if not all).
I do still notice that a lot of the preinstalled dashboards for Logstash metrics are broken because they complain about fields missing. I still don't understand why though: are the dashboards wrong, is the data missing, are the fields wrongly named and what is the root cause of it?
Maybe someone from the Elastic team can give an answer, to me it feels there is a bug somewhere.
I will keep this open for a bit to see if we can improve on the actual answer.