I am new to Logstash, having previous experience with Filebeat and Winlogbeat.
In the Filebeat/Winlogbeat configuration we have separate output sections for Elasticsearch and Kibana. We configure the Kibana output section with paths to certificate files for authentication with Kibana, because without authentication we cannot create Kibana visualizations.
But in Logstash, there is only an elasticsearch output. I can't find any documentation on a Kibana output plugin for Logstash, where we may configure the paths to cert files. Am I just searching in the wrong places?
The Beats (Filebeat, Winlogbeat, etc.) do not have any output to Kibana, as Kibana does not receive data; it shows data present in Elasticsearch. What they have is a way to set up the built-in dashboards made by Elastic for data collected by them; this is what you configure.
Logstash has no integration with Kibana. If you are sending data from Logstash to Elasticsearch, you will need to create your own dashboards in Kibana.
Kibana is the visualization and management tool of the Elastic Stack; all the data is sent to and stored in Elasticsearch.
Wait, if there's no output to Kibana, why is there a Kibana output section in filebeat.yml?
It seems like we have never been able to get even a simple chart to show up in Kibana without SSL files configured in the Kibana output section of filebeat.yml or winlogbeat.yml. We can see data in Kibana Discover, but that's it.
But I could have been looking at the wrong config(s) the whole time.
I'll try some things. If we're still struggling with this, maybe I'll start a thread on a Kibana-appropriate forum if there are objections to continuing this thread here.
This is not an output per se; it is the configuration needed for Filebeat to be able to communicate with Kibana to install the dashboards as explained here.
Kibana dashboards are loaded into Kibana via the Kibana API. This requires a Kibana endpoint configuration.
This needs to be done on the first install and when there is an update to Filebeat or you install another Filebeat module. This does not need to be done by the same Filebeat that will collect your data. A common approach is to have a different Filebeat that does not collect anything and just sets up the dashboards.
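Added example, not part of any post in this thread: a sketch of a setup-only `filebeat.yml` that keeps the Elasticsearch data path and the Kibana dashboard-loading endpoint apart, with the weak TLS setting shown beside the corrected one. Hostnames, certificate paths, the account name and the variable names are placeholders assumed for illustration.

```yaml
# filebeat.yml for a setup-only Filebeat (constructed example).
# Hostnames, file paths and account names are placeholders, not values from this thread.

# Data path: events are sent to Elasticsearch, never to Kibana.
output.elasticsearch:
  hosts: ["https://es01.example.internal:9200"]
  username: "filebeat_setup"
  password: "${ES_SETUP_PASSWORD}"        # resolved from the Beats keystore or the environment
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]

# Control path: used only by `filebeat setup` to call the Kibana API
# and import the built-in dashboards.
setup.kibana:
  host: "https://kibana.example.internal:5601"
  username: "filebeat_setup"
  password: "${KIBANA_SETUP_PASSWORD}"
  # Weak setting sometimes used to get past a self-signed certificate;
  # it turns off server certificate checks:
  #   ssl.verification_mode: none
  # Corrected setting: trust the CA that signed Kibana's certificate.
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/filebeat/certs/ca.crt"]

# No inputs are enabled in this instance. Run `filebeat setup --dashboards`
# on first install, after an upgrade, or after enabling another module.
```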
@paolovalladolid
Perhaps you should take a look at the quick start guide for Filebeat.
It shows how to enable a module; you can just use whichever module you like and configure it.
If you have SSL issues it may be due to self-signed certs and there are docs on how to do that... or we can help with that.
Oh I've used Filebeat on other VMs and love it. I'd use it on this VM too if I didn't need Logstash's mutate to get rid of the "_id" field.
Let me see if I can articulate my real problem more clearly.
In Kibana Discover, I see 3 documents that match index pattern itential-jobs-*. All 3 have a populated @timestamp field. All 3 were indexed by Logstash within the last 24 hours.
Then I do the following:
1. Create a new Dashboard.
2. Set the time range to last 7 days (which should include the 24 hours).
3. Click Create Visualization.
4. Select index pattern itential-jobs-*.
I am unable to select @timestamp as the horizontal axis for a bar chart. I see the message "@timestamp does not match any options" when I type it into the field under "Select a field". But as mentioned previously, I can see 3 documents with populated @timestamp.
This is odd. @timestamp is not listed under fields, even though, as I said, it is being populated in the documents. Logstash was used to index the documents.
Maybe I have to delete itential-jobs-*, and reset the mapping with @timestamp explicitly mapped? This is the mapping I set yesterday before indexing the 3 documents with Logstash.