No events/s for logstash events with basic license

monitoring

(Sarfaraz Ahmad) #1

Hi,

I just set up a very basic, minimal ELK cluster for learning purposes.
I installed logstash/elasticsearch/kibana with basic xpack licenses where applicable.
In Kibana's monitoring dashboard, I can see events per second for the default "main" pipeline, but
for the individual input/filter/output plugins it still says 0 e/s.
Does Kibana require logstash's monitoring API for this?
I can see logstash dumping health stats to the elasticsearch index .monitoring-logstash-6.

The logstash_stats.pipeline field from a sample document in that index looks like this:

{
"events": {
"out": 325,
"queue_push_duration_in_millis": 0,
"in": 325,
"duration_in_millis": 40958,
"filtered": 325
},
"queue": {
"events_count": 0,
"max_queue_size_in_bytes": 0,
"type": "memory",
"queue_size_in_bytes": 0
},
"reloads": {
"successes": 0,
"failures": 0
},
"id": "main",
"vertices": [
{
"pipeline_ephemeral_id": "771a7f1f-7236-4ff8-94f7-7fb189aed44f",
"events_out": 325,
"queue_push_duration_in_millis": 0,
"id": "96b6b8f16363084f770033b4d0e5b98ca233dbce32314d166fef76935bda3600"
},
{
"pipeline_ephemeral_id": "771a7f1f-7236-4ff8-94f7-7fb189aed44f",
"long_counters": [
{
"name": "matches",
"value": 325
},
{
"name": "failures",
"value": 0
}
],
"duration_in_millis": 597,
"id": "squid-accesslog grok",
"events_out": 325,
"events_in": 325
},
{
"pipeline_ephemeral_id": "771a7f1f-7236-4ff8-94f7-7fb189aed44f",
"events_in": 325,
"events_out": 325,
"duration_in_millis": 68,
"id": "squid-accesslog move tags to @metadata"
},
{
"pipeline_ephemeral_id": "771a7f1f-7236-4ff8-94f7-7fb189aed44f",
"events_in": 0,
"events_out": 0,
"duration_in_millis": 0,
"id": "squid-accesslog mutate on connect requests"
},
{
"pipeline_ephemeral_id": "771a7f1f-7236-4ff8-94f7-7fb189aed44f",
"events_in": 0,
"events_out": 0,
"duration_in_millis": 0,
"id": "2c3d83cfbca7d2e4a3eff90c7dbcd79cc30950bc7841a0a7f52c8d51404b31b0"
},
{
"pipeline_ephemeral_id": "771a7f1f-7236-4ff8-94f7-7fb189aed44f",
"events_in": 0,
"events_out": 0,
"duration_in_millis": 0,
"id": "squid source_ip to localhost for cert retrievals"
},
{
"pipeline_ephemeral_id": "771a7f1f-7236-4ff8-94f7-7fb189aed44f",
"events_in": 325,
"events_out": 325,
"duration_in_millis": 98,
"id": "squid-accesslog rename host field to proxy"
},
{
"pipeline_ephemeral_id": "771a7f1f-7236-4ff8-94f7-7fb189aed44f",
"events_in": 0,
"events_out": 0,
"duration_in_millis": 0,
"id": "squid-accesslog mutate on error"
},
{
"pipeline_ephemeral_id": "771a7f1f-7236-4ff8-94f7-7fb189aed44f",
"events_in": 0,
"events_out": 0,
"duration_in_millis": 0,
"id": "squid-accesslog mutate category to safe"
},
{
"pipeline_ephemeral_id": "771a7f1f-7236-4ff8-94f7-7fb189aed44f",
"events_in": 325,
"events_out": 325,
"duration_in_millis": 19,
"id": "squid-accesslog remove unnecessary fields"
},
{
"pipeline_ephemeral_id": "771a7f1f-7236-4ff8-94f7-7fb189aed44f",
"long_counters": [
{
"name": "documents.successes",
"value": 325
},
{
"name": "bulk_requests.successes",
"value": 305
},
{
"name": "bulk_requests.responses.200",
"value": 305
}
],
"duration_in_millis": 39320,
"id": "3776103e67c69576ce4006504000bb106754d95fa73bd90bfcd0b3560cb0c0ce",
"events_out": 325,
"events_in": 325
}
],
"ephemeral_id": "771a7f1f-7236-4ff8-94f7-7fb189aed44f",
"hash": "5abcc64a0a24428024e7a432f8cd46aae8f6519da0c0dcd779a387e6055647c1"
}

Any thoughts on what could be happening here?