Misconfigured dashboards?

QuizzyRascal · February 28, 2018, 3:21pm

I have built a syslog receiver using ELK 6.2.1, which works great.

Logstash receives syslog data and pushes it into ES and then I can use discover to see the logs coming in via Kibana.

I read somewhere that there are some default dashboards in filebeat that would allow me to see more in Kibana.

So I have installed filebeat on my single ELK server and I edited the following in filebeat.yml:

In paths:

/var/log/.log
was changed to /var/lib/logstash/.log

In the Dashboards section:
setup.dashboards.enabled: true

In the Kibana section
I added
setup.kibana:
host: "localhost:5601

I then ran the filebeat setup and installed it successfully (well I got no errors)

I then when into Kibana and saw lots of new dashboards but also got the following message on the top status bar:

No matching indices found: No indices match pattern "filebeat-*"

All my syslog data comes into Kibana with Logstash* and @timestamp.

Can anyone tell me what else I may need to do to the filebeat.yml file to be able to use the syslog dashboard with my syslog files within logstash?

All help is appreciated,
QR

adrisr · February 28, 2018, 7:54pm

I believe the problem is that Logstash is creating an index named differently than "filebeat-*".

Have you followed the logstash output docs? It's easy to misconfigure it.

QuizzyRascal · February 28, 2018, 8:22pm

Thank you for your thoughts... but I’m not using filebeats for anything other than to get to the dashboards.

I receive native syslog from network components like fw, routers, etc straight into logstash

If I’m not using filebeats can I still use the dashboards in Kibana?

I’ve no interest in filebeats for clients as they don’t suit my use cases.

adrisr · February 28, 2018, 11:23pm

I don't think the dashboards will work with documents that are not generated by filebeat as they won't have the required fields.

But I may be wrong, so you can try setting an index pattern in Kibana that matches the indexes created by logstash.

rcowart · March 1, 2018, 8:38am

You might want to try this solution as a starting point for collecting syslog data...

QuizzyRascal · March 1, 2018, 9:29am

Wow that looks just what I’m looking for
When I installed Kibaba I was asked to create an index and offered logstash*. Can I create a syslog-* as well?

Thanks
QR

rcowart · March 1, 2018, 9:54am

@QuizzyRascal as you dig into this more, you will realize that there are four things that have to work together...

Logstash Pipelines
Elasticsearch Index Templates
Kibana Index Patterns
Kibana Dashboards

The material in this repository walks through a more in depth example...

Even more advanced deployments, will consider normalizing sources to a common data model, which allows for analytics and visualization of a heterogenous environment with a common set up tools and dashboards. Providing such solutions in a turnkey package, are what we provide for our customers.

system · March 29, 2018, 9:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat logs to logstash to kibana Beats filebeat	10	3087	February 16, 2018
Syslog, SSH Login Attempt and Nginx dashboard for Filebeat Beats filebeat	8	2013	October 31, 2018
Issues with Index Pattern Search - Kibana/Filebeat Pre Loaded Dashboards Beats filebeat	2	637	June 23, 2020
Winlogbeat indices works but not see in Kibana Beats	9	1191	May 22, 2018
Filebeat system module Beats filebeat	7	3475	October 29, 2018

Misconfigured dashboards?

Related topics