I am investigating an issue where one of my Macs is reporting network traffic and the other is not.
Both Macs have High Sierra macOS 10.13.6 (17G11023). I include the build number because that changed last week when Apple pushed out security update 2020-001 and a bunch of things changed. Could this be a file permissions problem? Is it a missing tool that Metricbeat would use?
The system.yml files on each machine are identical, as are the metricbeat.yml files.
cat /usr/local/etc/metricbeat/modules.d/system.yml
# Module: system
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.5/metricbeat-module-system.html

- module: system
  period: 10s
  metricsets:
    - cpu
    - load
    - memory
    - network
    - process
    - process_summary
    - socket_summary
    #- entropy
    #- core
    - diskio
    #- socket
  process.include_top_n:
    by_cpu: 5      # include top 5 processes by CPU
    by_memory: 5   # include top 5 processes by memory

- module: system
  period: 1m
  metricsets:
    - filesystem
    - fsstat
  processors:
  - drop_event.when.regexp:
      system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'

- module: system
  period: 15m
  metricsets:
    - uptime

#- module: system
#  period: 5m
#  metricsets:
#    - raid
#  raid.mount_point: '/'
The service is run under my user id on both machines.
macpro2:~ jjwelch$ brew services list
Name            Status  User          Plist
metricbeat-full started <local admin> /usr/local/opt/metricbeat-full/homebrew.mxcl.metricbeat-full.plist
Digging into the metrics themselves reveals the data IS in Elastic, so maybe a problem with the dashboard?