Modules system and nginx is not showing any data when looking in discover

Elastic Stack Beats
1

Hi All,

I have deployed Elasticsearch, kibana and filebeat on my kubernetes cluster but the enable modules such as nginx and system are not showing any data when i filter it using event.module: system on my dashboard but my pod logs are visible on kibana dashboard, i have checked the modules list and it show both the nginx and system are enable.

below is filebeat.yml file


filebeat.inputs:
- type: container
  paths:
    - /var/log/containers/*.log
  processors:
  - add_kubernetes_metadata:
      host: ${NODE_NAME}
      matchers:
      - logs_path:
          logs_path: "/var/log/containers/"

output.elasticsearch:
  host: '${NODE_NAME}'
  hosts: '["https://${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}"]'
  username: '${ELASTICSEARCH_USERNAME}'
  password: '${ELASTICSEARCH_PASSWORD}'
  protocol: https
  ssl.certificate_authorities: ["/usr/share/filebeat/certs/ca.crt"]
### Live Reloadding
#      reload.enabled: true
#      reload.period: 10s
### setup dashboards
#      setup.dashboard.enabled: true
### Kibana
setup.kibana:
  host: "kibana-kibana:5601"
filebeat.config.modules.path: /usr/share/filebeat/modules.d/*.yml
2

Hey @Prem_Pratap_Singh, welcome to discuss :slight_smile:

If you are using Filebeat in Kubernetes, please take a look to autodiscover, it helps configuring the modules for the dynamic loads, take a look here: Autodiscover | Filebeat Reference [8.9] | Elastic

You can find there some sample configurations.

1 Like
3

Thank You for replying @jsoriano , i will definitely try this update if things works out.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.