I'm very new to filebeat/Elasticsearch so unsure how to debug this. I have filebeat, Elasticsearch and kibana working. I can see many of my logs being ingested from /var/log/syslog. However, although I have the iptables module enabled (see below) I don't see anything in my index from this source. For example, I've searched for keywords 'ubnt', 'WAN_LOCAL', '129.124' and so on. Here is an example of one of the iptables log entries which are written to my /var/log/syslog (from an Ubiquti router):
Jan 27 05:18:09 ubnt kernel: [WAN_LOCAL-default-D]IN=eth0 OUT= MAC=f0:99:cc:ff:25:fx:44:a7:71:94:a1:c0:08:00 SRC=129.124.61.2 DST=35.80.14.77 LEN=40 TOS=0x08 PREC=0x20 TTL=223 ID=51920 PROTO=TCP SPT=41682 DPT=3151 WINDOW=1024 RES=0x00 SYN URGP=0
# filebeat modules list
Enabled:
elasticsearch
haproxy
iptables
kibana
nginx
system