ok so i went through it, but i'm confused on a few things with elasticsearch/kibana
i installed the filebeat on both the elasticsearch/kibana server and the remote host i wanna pull those apache logs from, i enabled the modules on both the elasticsearch/kibana and the remote host. When I check the output of the filebeat log on the remote host I see this:
2018-01-29T10:36:28-08:00 INFO Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2018-01-29T10:36:28-08:00 INFO Beat UUID: 2fe7e6d2-2ee3-4138-b875-cd89f12078f9
2018-01-29T10:36:28-08:00 INFO Metrics logging every 30s
2018-01-29T10:36:28-08:00 INFO Setup Beat: filebeat; Version: 6.1.2
2018-01-29T10:36:28-08:00 INFO Elasticsearch url: http://cdyvrlelk001:9200
2018-01-29T10:36:28-08:00 INFO Beat name: dev
2018-01-29T10:36:28-08:00 INFO filebeat start running.
2018-01-29T10:36:28-08:00 INFO Registry file set to: /var/lib/filebeat/registry
2018-01-29T10:36:28-08:00 INFO Loading registrar data from /var/lib/filebeat/registry
2018-01-29T10:36:28-08:00 INFO States Loaded from registrar: 14
2018-01-29T10:36:28-08:00 INFO Loading Prospectors: 1
2018-01-29T10:36:28-08:00 INFO Starting Registrar
2018-01-29T10:36:28-08:00 INFO Starting prospector of type: log; ID: 11378805102105908354
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/apache2/name.cd.local/access_ssl.log
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/apache2/name.cd.local/access_ssl.log
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/apache2/name.cd.local/error.log
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/apache2/name/access.log
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/apache2/api.name.cd.local/access.log
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/apache2/name.cd.local/access.log
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/apache2/name.cd.local/error_ssl.log
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/apache2/name.cd.local/access.log
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/apache2/name.cd.local/error_ssl.log
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/apache2/name.cd.local/error.log
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/apache2name/error.log
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/apache2/api.name.cd.local/error.log
2018-01-29T10:36:28-08:00 INFO Loading and starting Prospectors completed. Enabled prospectors: 1
2018-01-29T10:36:28-08:00 INFO Config reloader started
2018-01-29T10:36:28-08:00 INFO Connected to Elasticsearch version 6.1.2
2018-01-29T10:36:28-08:00 INFO Template already exists and will not be overwritten.
2018-01-29T10:36:28-08:00 INFO Starting 2 runners ...
2018-01-29T10:36:28-08:00 INFO Elasticsearch url: http://cdyvrlelk001:9200
2018-01-29T10:36:28-08:00 INFO Connected to Elasticsearch version 6.1.2
2018-01-29T10:36:28-08:00 INFO Starting prospector of type: log; ID: 17216501560277081620
2018-01-29T10:36:28-08:00 INFO Starting prospector of type: log; ID: 4128373258093383538
2018-01-29T10:36:28-08:00 INFO Elasticsearch url: http://cdyvrlelk001:9200
2018-01-29T10:36:28-08:00 INFO Connected to Elasticsearch version 6.1.2
2018-01-29T10:36:28-08:00 INFO Starting prospector of type: log; ID: 18044925928469627648
2018-01-29T10:36:28-08:00 INFO Starting prospector of type: log; ID: 8734454681295277600
2018-01-29T10:36:28-08:00 INFO Loading of config files completed.
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/auth.log
2018-01-29T10:36:28-08:00 INFO Harvester started for file: /var/log/syslog
I can see data in the Discover from that specific server hitting those specific "name.cd.local/error.log access.log etc... but when I go to the Dashboard of Filebeat Apache2 (which I enabled on the Elasticsearch/Kibana) and all I see is this:
which doesn't make sense 'cause the index-pattern is configured:
I already restarted all services so I'm confused