I have setup one elastic cluster (Elasticsearch + Logstash + Kibana) on windows server.
And installed beats(filebeat+winlogbeat) on 3 windows servers.
I am able to view all logs from 2 servers, but not from third one.
I looked into logstash logs, but cannot find any errors and looks like somewhere in between my logs data got disapered for my third server.
How to troubleshoot this issue. Any help is appreciated.
Thanks in Advance.
Look in the logfile of Filebeat/Winlogbeat on the machine whose logs you're not receiving.
Both Beat logs not showing any error. Logs only showing that these services are in running state and okay.
You're not necessarily looking for errors. Any clues about what's going on would be useful. Like, are they attempting to send anything? They'll log that too, at least if you increase the logging verbosity.
Below errors messages for both filebeat and winlogbeat.
The winlogbeat service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
A timeout was reached (30000 milliseconds) while waiting for the winlogbeat service to connect.
Any idea how it can be fixed.
If Winlogbeat can't start I'd expect there to be something in the log. Apart from that I don't have any specific advice.
Thanks. I re-installed beats and now works fine.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.