I am investigating an issue where one of my macs is reporting network traffic and the other is not.
Both macs have High Sierra macOS 10.13.6 (17G11023). I include the build number because that changed last week when apple pushed out security update 2020-001 and a bunch of things changed. Could this be a file permissions problem? Is it a missing tool that metric beat would use?
The system.yml file on each machine are identical, as are the metricbeat.yml files
cat /usr/local/etc/metricbeat/modules.d/system.yml # Module: system # Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.5/metricbeat-module-system.html - module: system period: 10s metricsets: - cpu - load - memory - network - process - process_summary - socket_summary #- entropy #- core - diskio #- socket process.include_top_n: by_cpu: 5 # include top 5 processes by CPU by_memory: 5 # include top 5 processes by memory - module: system period: 1m metricsets: - filesystem - fsstat processors: - drop_event.when.regexp: system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)' - module: system period: 15m metricsets: - uptime #- module: system # period: 5m # metricsets: # - raid # raid.mount_point: '/'
The service is run under my user id on both machines.
macpro2:~ jjwelch$ brew services list Name Status User Plist metricbeat-full started <local admin> /usr/local/opt/metricbeat-full/homebrew.mxcl.metricbeat-full.plist
Digging into the metrics themselves reveal the data IS in elastic so maybe a problem with the dashboard?