Hi Team,
I have set up Elasticsearch, Kibana and Filebeat. I have configured the Elasticsearch module using hints-based autodiscover, and it is sending logs to Kibana. But in the Stack Monitoring section, under Logs, I see "No logs for this cluster".
I am attaching all the screenshots.
filebeat.yml:-
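# filebeat.yml as posted, with the indentation the paste lost reconstructed.
# Nesting decides which keys Filebeat actually reads, so confirm this layout
# against the deployed file.
filebeat:
  autodiscover:
    providers:
      - type: docker
        # Containers opt in through labels. The documented hint key is
        # co.elastic.logs/module (dot-separated); a label spelled any other
        # way is not read as a hint, and that container is then shipped as a
        # plain container log stream without the module's fields.
        hints.enabled: true
  # The module is also enabled globally. With no paths given it looks at the
  # module's default host log locations; the hint-based config above does not
  # depend on this entry.
  modules:
    - module: elasticsearch

processors:
  - add_cloud_metadata: ~
  - add_host_metadata:
      netinfo:
        enabled: true
      cache.ttl: 5m
  - add_docker_metadata:
      host: "unix:///var/run/docker.sock"
  # No `when` condition, so this runs on every event: JSON keys found in
  # "message" are written to the event root and may replace existing fields
  # (overwrite_keys: true). If module-populated fields come out wrong, scope
  # it with a `when` condition.
  - decode_json_fields:
      fields: ["message"]
      target: ""
      overwrite_keys: true
      process_array: true

output:
  elasticsearch:
    hosts: "${ES_HOSTS}"
    username: "${ES_USERNAME:elastic}"
    # The fallback value is a placeholder credential; dropping the default
    # makes an unset ES_PASSWORD fail at startup instead of sending "CHANGEME".
    password: "${ES_PASSWORD:CHANGEME}"
    # Presumably only used when ILM is inactive: with setup.ilm.enabled: auto
    # on an ILM-capable cluster, Filebeat writes to the rollover alias below
    # instead — check the Filebeat startup log for the corresponding warning.
    index: "filebeat-${APP_CUSTOMER:default}-${APP_ENV:test}-%{[agent.version]}-%{+yyyy.MM.dd}"
    max_retries: "${ES_MAX_RETRIES:30}"
    backoff:
      init: "${ES_BACKOFF_INIT:30s}"
      max: "${ES_BACKOFF_MAX:60s}"

logging:
  level: "${LOG_LEVEL:info}"
  json: "${LOG_JSON:true}"
  metrics:
    enabled: "${LOG_METRICS:false}"

setup:
  template:
    name: "filebeat-${APP_CUSTOMER:default}-${APP_ENV:test}"
    pattern: "filebeat-${APP_CUSTOMER:default}-${APP_ENV:test}-*"
  ilm:
    enabled: auto
    rollover_alias: "filebeat-${APP_CUSTOMER:default}-${APP_ENV:test}"
    pattern: "{now/d}-000001"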
elasticsearch.yml:-
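# docker-compose file (the post labels it elasticsearch.yml), with the
# indentation the paste lost reconstructed — confirm against the deployed file.
version: '3.9'

services:
  certs:
    image: docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_tag}
    container_name: certs
    # One-shot job: generates the CA and per-node certificates into
    # ${elk_data_path}/certs, which the es0x services mount below. Node
    # private keys end up there owned by uid 1000, so keep that host path
    # restricted.
    command: >
      bash -c '
        yum install -y -q -e 0 unzip;
        if [[ ! -f /certs/bundle.zip ]]; then
          bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out /certs/bundle.zip;
          unzip /certs/bundle.zip -d /certs;
        fi;
        chown -R 1000:0 /certs
      '
    working_dir: /usr/share/elasticsearch
    volumes:
      - ${elk_data_path}/certs:/certs
      - ${elk_data_path}/configs/instances.yml:/usr/share/elasticsearch/config/certificates/instances.yml
    networks:
      - elastic

  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_tag}
    container_name: es01
    restart: always
    labels:
      # Filebeat's hint key is dot-separated. The posted underscore form
      # (co_elastic_logs/module) is not recognised as a hint, so the module
      # was never applied to these containers' logs.
      co.elastic.logs/module: elasticsearch
      service: elasticsearch
    environment:
      - node.name=es01
      - cluster.name=${cluster_name}
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - ELASTIC_PASSWORD=${elasticsearch_password}
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms${elasticsearch_java_heap_memory} -Xmx${elasticsearch_java_heap_memory}"
      - xpack.license.self_generated.type=basic
      - xpack.monitoring.collection.enabled=true
      - xpack.monitoring.elasticsearch.collection.enabled=true
      - xpack.security.enabled=true
      - xpack.security.audit.enabled=false
      # REST API stays plaintext: the basic-auth credentials Kibana and
      # Filebeat send travel unencrypted on the compose network and, for es01,
      # on the published host port. Only node-to-node transport uses the
      # certificates generated above.
      - xpack.security.http.ssl.enabled=false
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/es01/es01.crt
      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/es01/es01.key
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ${elk_data_path}/elasticsearch/es1:/usr/share/elasticsearch/data
      - ${elk_data_path}/certs:/usr/share/elasticsearch/config/certificates
    ports:
      # Quoted so the mapping is always read as a string. Without a host
      # address prefix Docker publishes it on every host interface.
      - "${elasticsearch_port}:9200"
    networks:
      - elastic

  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_tag}
    container_name: es02
    restart: always
    labels:
      # Same hint-key fix as es01.
      co.elastic.logs/module: elasticsearch
      service: elasticsearch
    environment:
      - node.name=es02
      - cluster.name=${cluster_name}
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - ELASTIC_PASSWORD=${elasticsearch_password}
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms${elasticsearch_java_heap_memory} -Xmx${elasticsearch_java_heap_memory}"
      - xpack.license.self_generated.type=basic
      - xpack.monitoring.collection.enabled=true
      - xpack.monitoring.elasticsearch.collection.enabled=true
      - xpack.security.enabled=true
      - xpack.security.audit.enabled=false
      - xpack.security.http.ssl.enabled=false
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/es02/es02.crt
      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/es02/es02.key
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ${elk_data_path}/elasticsearch/es2:/usr/share/elasticsearch/data
      - ${elk_data_path}/certs:/usr/share/elasticsearch/config/certificates
    networks:
      - elastic

  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:${elasticsearch_tag}
    container_name: es03
    restart: always
    labels:
      # Same hint-key fix as es01.
      co.elastic.logs/module: elasticsearch
      service: elasticsearch
    # Entries ordered as in es01/es02 for easier diffing; order has no effect.
    environment:
      - node.name=es03
      - cluster.name=${cluster_name}
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - ELASTIC_PASSWORD=${elasticsearch_password}
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms${elasticsearch_java_heap_memory} -Xmx${elasticsearch_java_heap_memory}"
      - xpack.license.self_generated.type=basic
      - xpack.monitoring.collection.enabled=true
      - xpack.monitoring.elasticsearch.collection.enabled=true
      - xpack.security.enabled=true
      - xpack.security.audit.enabled=false
      - xpack.security.http.ssl.enabled=false
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca/ca.crt
      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/es03/es03.crt
      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/es03/es03.key
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ${elk_data_path}/elasticsearch/es3:/usr/share/elasticsearch/data
      - ${elk_data_path}/certs:/usr/share/elasticsearch/config/certificates
    networks:
      - elastic

  kib01:
    container_name: kib01
    image: docker.elastic.co/kibana/kibana:${kibana_tag}
    restart: always
    labels:
      service: kibana
    environment:
      - SERVER_NAME=${cluster_name}
      # Superseded by ELASTICSEARCH_HOSTS in Kibana 7.x; redundant with the
      # entry below.
      - ELASTICSEARCH_URL=http://es01:9200
      - 'ELASTICSEARCH_HOSTS=["http://es01:9200","http://es02:9200","http://es03:9200"]'
      # `elastic` is the cluster superuser; Kibana's own connection only needs
      # the built-in kibana_system account.
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=${elasticsearch_password}
      - CONSOLE_ENABLED=true
      - TELEMETRY_ENABLED=false
      - LOGGING_ROTATE_ENABLED=true
      # Was XPACK_SECURITY_SESSION_IDEALTIMEOUT (typo). The setting is
      # xpack.security.session.idleTimeout, so the misspelled name most likely
      # had no effect and sessions only expired via LIFESPAN.
      - XPACK_SECURITY_SESSION_IDLETIMEOUT=24h
      - XPACK_SECURITY_SESSION_LIFESPAN=10d
    ports:
      - "${kibana_port}:5601"
    networks:
      - elastic

  filebeat:
    container_name: filebeat
    image: ${acr_login_server}.azurecr.io/samya/filebeat:${filebeat_tag}
    # Root plus the Docker socket mount below amounts to control of the host
    # Docker daemon. Autodiscover and add_docker_metadata need the socket, so
    # keep this image and its config under the same change control as the host.
    user: root
    restart: always
    labels:
      service: filebeat
    volumes:
      - filebeat_vol:/var/log
      - /var/lib/docker:/var/lib/docker:ro
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/log/cloud-init-output.log:/var/log/hostlogs/cloud-init/cloud-init-output.log
    environment:
      - ES_HOSTS=${es_hosts}
      - ES_USERNAME=${es_username}
      - ES_PASSWORD=${es_password}
    # No `networks:` entry as posted, so this service joins the compose default
    # network rather than `elastic`; it can only reach the es0x nodes if
    # ${es_hosts} resolves from there (e.g. the published host port) — verify.

networks:
  elastic:
    driver: bridge

volumes:
  filebeat_vol:
    driver: local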
Version:-
Elasticsearch and Kibana -> 7.12.0