Hello,
Please find the below URL where you can access more lines.
Thanks,
Ravi
I can not debug all this for you....
So you see the logs being printed to the screen...
That means Filebeat - Logstash is working
Are there errors in logstash when trying to write?
did you check to see if they are in discover?
is the data
when you run
GET _cat/indices?v
do you see the logs being added?
I am not sure what you need help with ... get in and dig 
output {
elasticsearch {
hosts => [ "http://localhost:9200" ]
user => "elastic"
password => "wakfgtqwJYKgYdYsKkE8"
}
stdout {}
}
If that is your output thye logs are probably written to an indext that starts with logstash-*
Hello,
My apologies for the late response on this topic.
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .reporting-2023-12-03 wPLklvtUSMqva6wIzY-DxQ 1 0 1 0 1.9mb 1.9mb
green open .transform-internal-007 Ayt0RmYQQFioUUIKhzuM1A 1 0 6 0 54.5kb 54.5kb
yellow open filebeat-8.11.2-2024.01.12 ATocymT0SVy1sYqYmivaxg 1 1 1224750 0 405.2mb 405.2mb
green open .apm-agent-configuration tI3nICpPQlWLzlPVFJPg3w 1 0 0 0 227b 227b
yellow open filebeat-8.11.2-2024.01.11 4CmGRMeURxGMyatRaPf-Wg 1 1 1763247 0 578.6mb 578.6mb
yellow open filebeat-7.17.15-2024.03.11-000073 Y7Nhmv2JT46zwrtja6DtvQ 1 1 11546264 0 1.4gb 1.4gb
yellow open logstash-2024.03.08-000001 n4iZZpd9QJe9AFmHyABMqg 1 1 138517853 0 50.7gb 50.7gb
green open .tasks 7c--yr7bTOe8ADz4vJ6ZsQ 1 0 33 1 67.9kb 67.9kb
green open metrics-endpoint.metadata_current_default 3RsBBNWJTw2QR53mEpYuQA 1 0 0 0 227b 227b
yellow open filebeat-8.11.1 fWtscFyTTsOZP9DnS6_cYA 1 1 2851986 0 1.2gb 1.2gb
green open .geoip_databases 4vJGhr5ySUWyUoNXYZxXbw 1 0 39 34 40.1mb 40.1mb
yellow open filebeat-8.11.2 nX0LPRrnTd2QBmjsBW_l3g 1 1 28183267 0 8.7gb 8.7gb
green open .security-7 z0KQ9irSTiSo_iXkCXkl9Q 1 0 61 0 248.5kb 248.5kb
yellow open filebeat-8.10.4 HbQfL0pGS_ClJLLBWGFYUQ 1 1 9453838 0 2gb 2gb
green open .apm-custom-link rH28BebpTOKIA2KpKxR4aw 1 0 0 0 227b 227b
yellow open filebeat-8.10.4-2024.01.12 7ah5nAK6ShSf8oQhCSar3w 1 1 51352 0 10.2mb 10.2mb
yellow open filebeat-7.17.18 bAT3d_jqRheAXz0JAA6YUQ 1 1 40334257 0 16.4gb 16.4gb
yellow open filebeat-7.17.15-2024.01.12 S_Xu9N9wQXmIPogZl0a9Aw 1 1 7726 0 4.6mb 4.6mb
yellow open logstash-2024.03.12-000002 ckNw2berTK2HbdvnBROgpQ 1 1 87825138 0 35.8gb 35.8gb
green open .async-search NjkQXv-hS2m8W7GzLjcbFA 1 0 2 2 600.9kb 600.9kb
green open .kibana_7.17.15_001 XT8tkEdKSASxfkVb5__Xig 1 0 7552 29 20.8mb 20.8mb
green open .kibana_task_manager_7.17.15_001 XOJAZtH8TxCO_fsH-I0cqA 1 0 18 191 533.7kb 533.7kb
green open .fleet-policies-7 qEihwqZ3RPeAYMI7Lccj1g 1 0 2 0 13.4kb 13.4kb
green open .metrics-endpoint.metadata_united_default npv867Q9SDaiWVrwtFH9zw 1 0 0 0 227b 227b
It showed for Mar13 and after which I have reverted back the changes to the previous, as this is a production.
Today, when we planned to apply the basic security again on the production, we ended up with the same situation where it stopped logging in the Kibana GUI > Discover
I have verified on the username password in the /etc/logstash/conf.d/02-beats-input.conf which seems to be correct because when I run the curl with the same credentials I could see the curl response.
# date && curl -u elastic:wakfgtqwJYKgYdYsKkE8 http://localhost:9200
Fri Mar 15 13:04:44 UTC 2024
{
"name" : "ip-192-168-135-26",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "6Vzvcn7yTduloVhwrkG1jA",
"version" : {
"number" : "7.17.15",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "0b8ecfb4378335f4689c4223d1f1115f16bef3ba",
"build_date" : "2023-11-10T22:03:46.987399016Z",
"build_snapshot" : false,
"lucene_version" : "8.11.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
Not sure what to tell you. I don't think you're running the config Think you are. That is the point I've been trying to make.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.