No logs for this cluster in Stack Monitoring

Hi Team,
I have set up Elasticsearch, Kibana and Filebeat. I have configured the elasticsearch module using hints-based autodiscover, and it is sending logs to Kibana. But in the Stack Monitoring section, under Logs, I see "No logs for this cluster".
I am attaching all the screenshots.

filebeat.yml:-

# Inputs: hints-based Docker autodiscover plus the statically enabled
# elasticsearch module.
filebeat:
  autodiscover:
    providers:
      # With hints enabled, Filebeat derives its input configuration from
      # labels on the containers it discovers. Anything able to start a
      # labelled container on this host therefore influences how that
      # container's logs are collected and parsed.
      - type: docker
        hints.enabled: true
  # NOTE(review): this entry enables the module with its default settings,
  # independently of the autodiscover hints. Presumably the module's default
  # log paths do not exist inside the Filebeat container - confirm.
  modules:
    - module: elasticsearch
# Enrichment and decoding applied to events before they are shipped.
# Processors run in the order listed.
processors:
  - add_cloud_metadata: ~
  - add_host_metadata:
      netinfo:
        enabled: true
      cache.ttl: 5m
  # Looks up container metadata through the Docker socket.
  - add_docker_metadata:
      host: "unix:///var/run/docker.sock"
  # Decodes JSON found in `message`. Because target is "" and overwrite_keys
  # is true, the decoded keys are written at the root of the event and replace
  # fields that already exist, including the metadata added above.
  # Log lines are untrusted input: a container that logs JSON can replace
  # fields that searches and detections rely on.
  # NOTE(review): consider a dedicated target (placeholder name: json) or
  # overwrite_keys: false where field integrity matters, and confirm this
  # processor does not interfere with the elasticsearch module's own parsing.
  - decode_json_fields:
      fields: [ "message" ]
      target: ""
      overwrite_keys: true
      process_array: true
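# Ships events to Elasticsearch; connection details come from the environment.
output:
  elasticsearch:
    # NOTE(review): ES_HOSTS should carry https:// URLs once TLS is enabled on
    # the Elasticsearch HTTP layer; over http:// the credentials below are
    # sent in cleartext.
    hosts: "${ES_HOSTS}"
    # NOTE(review): falls back to the `elastic` superuser. A dedicated account
    # limited to writing the filebeat-* indices is the least-privilege choice.
    username: "${ES_USERNAME:elastic}"
    # No fallback value: Filebeat stops with this error text when ES_PASSWORD
    # is not set, instead of silently trying a well-known placeholder password.
    password: "${ES_PASSWORD:?ES_PASSWORD must be set}"
    # NOTE(review): when index lifecycle management is active (setup.ilm),
    # Filebeat writes through the rollover alias and this index name is
    # ignored - confirm which of the two is in effect.
    index: "filebeat-${APP_CUSTOMER:default}-${APP_ENV:test}-%{[agent.version]}-%{+yyyy.MM.dd}"
    max_retries: "${ES_MAX_RETRIES:30}"
    # Reconnect backoff: first wait and upper bound.
    backoff:
      init: "${ES_BACKOFF_INIT:30s}"
      max: "${ES_BACKOFF_MAX:60s}"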

# Filebeat's own logging; every value can be overridden from the environment.
logging:
  # NOTE(review): more verbose levels may write event content to Filebeat's
  # own log - confirm before raising this on hosts with sensitive logs.
  level: "${LOG_LEVEL:info}"
  # JSON-formatted log output, on by default.
  json: "${LOG_JSON:true}"
  # Periodic internal metrics logging, off by default.
  metrics:
    enabled: "${LOG_METRICS:false}"

# Index template and index lifecycle management (ILM) setup.
setup:
  # Template name and pattern follow the customer/environment naming used by
  # output.elasticsearch.index.
  template:
    name: "filebeat-${APP_CUSTOMER:default}-${APP_ENV:test}"
    pattern: "filebeat-${APP_CUSTOMER:default}-${APP_ENV:test}-*"
  ilm:
    # `auto` turns ILM on whenever the connected cluster supports it.
    # NOTE(review): with ILM on, events are written through rollover_alias
    # and output.elasticsearch.index is ignored - confirm the resulting index
    # names are the ones Stack Monitoring is expected to read.
    enabled: auto
    rollover_alias: "filebeat-${APP_CUSTOMER:default}-${APP_ENV:test}"
    pattern: "{now/d}-000001"
 

elasticsearch.yml:-

# Compose file format version.
version: '3.9'

services:
  # Helper container that generates the PEM certificates and keys used for
  # transport TLS between the Elasticsearch nodes.
  certs:
    image: docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_tag}
    container_name: certs
    # The script installs unzip, creates /certs/bundle.zip from instances.yml
    # only when it does not exist yet, unpacks it into /certs, and finally
    # hands the whole tree to uid 1000 / gid 0.
    # NOTE(review): `yum install` runs at container start, so this step needs
    # network access and installs whatever unzip build the repository serves.
    # NOTE(review): no passphrase option is passed to certutil, so the private
    # keys are presumably written unencrypted into ${elk_data_path}/certs on
    # the host - restrict access to that directory.
    command: >
      bash -c '
        yum install -y -q -e 0 unzip;
        if [[ ! -f /certs/bundle.zip ]]; then
          bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out /certs/bundle.zip;
          unzip /certs/bundle.zip -d /certs;
        fi;
        chown -R 1000:0 /certs
      '
    working_dir: /usr/share/elasticsearch
    volumes:
      # Output directory, shared with the Elasticsearch nodes.
      - ${elk_data_path}/certs:/certs
      # Instance list read by certutil via --in.
      - ${elk_data_path}/configs/instances.yml:/usr/share/elasticsearch/config/certificates/instances.yml
    networks:
      - elastic

  # First Elasticsearch node; the only one whose HTTP port is published on
  # the host.
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_tag}
    container_name: es01
    restart: always
    labels:
      # NOTE(review): Filebeat's hints documentation spells this label
      # `co.elastic.logs/module`. Confirm the underscore form is recognised;
      # if it is not, the elasticsearch module is never applied to these
      # container logs.
      co_elastic_logs/module: elasticsearch
      service: elasticsearch
    environment:
      - node.name=es01
      - cluster.name=${cluster_name}
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      # Password of the built-in `elastic` superuser, passed through the
      # container environment, where it is visible to anyone who can inspect
      # the container.
      - ELASTIC_PASSWORD=${elasticsearch_password}
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms${elasticsearch_java_heap_memory} -Xmx${elasticsearch_java_heap_memory}"
      - xpack.license.self_generated.type=basic
      - xpack.monitoring.collection.enabled=true
      - xpack.monitoring.elasticsearch.collection.enabled=true
      - xpack.security.enabled=true
      # Audit logging is off, so no security audit trail is written.
      - xpack.security.audit.enabled=false
      # TLS is off on the HTTP (REST) layer while port 9200 is published
      # below. Clients using http:// URLs, as Kibana does in this file, send
      # their credentials in cleartext.
      - xpack.security.http.ssl.enabled=false
      # Node-to-node traffic is encrypted. `certificate` mode checks that the
      # peer certificate is signed by the trusted CA but skips hostname
      # verification.
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/es01/es01.crt
      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/es01/es01.key
    # Unlimited locked memory, required by bootstrap.memory_lock=true.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ${elk_data_path}/elasticsearch/es1:/usr/share/elasticsearch/data
      # NOTE(review): mounts the whole certificate tree read-write, including
      # the other nodes' private keys; a read-only mount of this node's own
      # files would be narrower.
      - ${elk_data_path}/certs:/usr/share/elasticsearch/config/certificates
    ports:
      # NOTE(review): published on all host interfaces unless the variable
      # includes a bind address; combined with plain HTTP above, restrict who
      # can reach it.
      - ${elasticsearch_port}:9200
    networks:
      - elastic

  # Second Elasticsearch node; reachable only on the `elastic` network
  # (no published ports).
  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_tag}
    container_name: es02
    restart: always
    labels:
      # NOTE(review): Filebeat's hints documentation spells this label
      # `co.elastic.logs/module` - confirm the underscore form is recognised.
      co_elastic_logs/module: elasticsearch
      service: elasticsearch
    environment:
      - node.name=es02
      - cluster.name=${cluster_name}
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      # `elastic` superuser password, visible to anyone who can inspect the
      # container environment.
      - ELASTIC_PASSWORD=${elasticsearch_password}
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms${elasticsearch_java_heap_memory} -Xmx${elasticsearch_java_heap_memory}"
      - xpack.license.self_generated.type=basic
      - xpack.monitoring.collection.enabled=true
      - xpack.monitoring.elasticsearch.collection.enabled=true
      - xpack.security.enabled=true
      # No security audit trail is written.
      - xpack.security.audit.enabled=false
      # HTTP (REST) layer is unencrypted; credentials sent to this node over
      # http:// are in cleartext.
      - xpack.security.http.ssl.enabled=false
      # Transport TLS with CA-signature checking only (no hostname check).
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/es02/es02.crt
      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/es02/es02.key
    # Unlimited locked memory, required by bootstrap.memory_lock=true.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ${elk_data_path}/elasticsearch/es2:/usr/share/elasticsearch/data
      # NOTE(review): the whole certificate tree, other nodes' keys included,
      # is mounted read-write.
      - ${elk_data_path}/certs:/usr/share/elasticsearch/config/certificates
    networks:
      - elastic

  # Third Elasticsearch node; reachable only on the `elastic` network
  # (no published ports).
  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_tag}
    container_name: es03
    restart: always
    labels:
      # NOTE(review): Filebeat's hints documentation spells this label
      # `co.elastic.logs/module` - confirm the underscore form is recognised.
      co_elastic_logs/module: elasticsearch
      service: elasticsearch
    environment:
      - node.name=es03
      - cluster.name=${cluster_name}
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      # `elastic` superuser password, visible to anyone who can inspect the
      # container environment.
      - ELASTIC_PASSWORD=${elasticsearch_password}
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms${elasticsearch_java_heap_memory} -Xmx${elasticsearch_java_heap_memory}"
      - xpack.license.self_generated.type=basic
      - xpack.security.enabled=true
      - xpack.monitoring.collection.enabled=true
      - xpack.monitoring.elasticsearch.collection.enabled=true
      # No security audit trail is written.
      - xpack.security.audit.enabled=false
      # HTTP (REST) layer is unencrypted; credentials sent to this node over
      # http:// are in cleartext.
      - xpack.security.http.ssl.enabled=false
      # Transport TLS with CA-signature checking only (no hostname check).
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/es03/es03.crt
      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/es03/es03.key
    # Unlimited locked memory, required by bootstrap.memory_lock=true.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ${elk_data_path}/elasticsearch/es3:/usr/share/elasticsearch/data
      # NOTE(review): the whole certificate tree, other nodes' keys included,
      # is mounted read-write.
      - ${elk_data_path}/certs:/usr/share/elasticsearch/config/certificates
    networks:
      - elastic

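  # Kibana front end for the cluster, published on ${kibana_port}.
  kib01:
    container_name: kib01
    image: docker.elastic.co/kibana/kibana:${kibana_tag}
    restart: always
    labels:
      service: kibana
    environment:
      - SERVER_NAME=${cluster_name}
      # Plain http:// URLs: Kibana's credentials cross the `elastic` bridge
      # network unencrypted, matching xpack.security.http.ssl.enabled=false
      # on the nodes.
      - ELASTICSEARCH_URL=http://es01:9200
      - ELASTICSEARCH_HOSTS=["http://es01:9200","http://es02:9200","http://es03:9200"]
      # NOTE(review): Kibana connects as the `elastic` superuser. A dedicated
      # service account such as the built-in kibana_system user keeps a
      # compromised Kibana from holding full cluster privileges.
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=${elasticsearch_password}
      - CONSOLE_ENABLED=true
      - TELEMETRY_ENABLED=false
      - LOGGING_ROTATE_ENABLED=true
      # Corrected from ..._IDEALTIMEOUT, which does not correspond to the
      # xpack.security.session.idleTimeout setting, so the intended 24h idle
      # timeout was presumably never applied.
      - XPACK_SECURITY_SESSION_IDLETIMEOUT=24h
      # Hard upper bound on session age. NOTE(review): 10 days is long for an
      # interface that runs with superuser credentials.
      - XPACK_SECURITY_SESSION_LIFESPAN=10d
    ports:
      # NOTE(review): the Kibana login page is served over plain HTTP on this
      # port as configured here; front it with TLS if it is reachable beyond
      # the host.
      - ${kibana_port}:5601
    networks:
      - elastic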

  # Log shipper. Runs from a custom image in a private registry and is not
  # attached to the `elastic` network defined in this file.
  filebeat:
    container_name: filebeat
    image: ${acr_login_server}.azurecr.io/samya/filebeat:${filebeat_tag}
    # NOTE(review): root inside the container combined with the Docker socket
    # mount below is equivalent to root on the host, because the socket gives
    # full control of the Docker daemon. Treat this container and its image
    # as highly privileged.
    user: root
    restart: always
    labels:
      service: filebeat
    volumes:
      - filebeat_vol:/var/log
      # Read-only, but it exposes the entire Docker data directory.
      # NOTE(review): /var/lib/docker/containers is presumably enough for
      # reading container logs - confirm and narrow.
      - /var/lib/docker:/var/lib/docker:ro
      # Needed by the docker autodiscover provider and add_docker_metadata.
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/log/cloud-init-output.log:/var/log/hostlogs/cloud-init/cloud-init-output.log
    environment:
      # Consumed by filebeat.yml (output.elasticsearch). The password is
      # visible to anyone who can inspect the container environment.
      - ES_HOSTS=${es_hosts}
      - ES_USERNAME=${es_username}
      - ES_PASSWORD=${es_password}
# Bridge network shared by the certs, Elasticsearch and Kibana services.
networks:
  elastic:
    driver: bridge
# Named local volume mounted at /var/log in the filebeat service.
volumes:
  filebeat_vol:
    driver: local

Version:-
Elasticsearch and Kibana -> 7.12.0

