I am using the filebeat docker image with syslog enabled. When I run a search under Discover I am not getting any results, even though I know there are logs, because if I run a search in Dev Tools I can see some of the log messages that I am expecting to see. A `_cat/indices?v` shows that the filebeat-xxxx index has docs and they are increasing.
I have also checked my Syslog dashboards under Dashboard, but there are no results there. What am I doing wrong, or what do I need to do in order to see my logs? I have the system module enabled in filebeat.
Below is my filebeat.yml; let me know which other files you need.
```yaml
filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

processors:
  - add_cloud_metadata: ~
  - add_docker_metadata: ~

filebeat.inputs:
  - type: syslog
    protocol.tcp.host: ":9000"
    enabled: true

output.elasticsearch:
  hosts: ["elasticsearch:9200"]

setup.kibana:
  host: "kibana:5601"
```
Here is the status of my index:

```
[myuser@myserver filebeat]$ curl http://x.x.x.x:9200/_cat/indices?v
health status index                            uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .kibana-event-log-7.8.0-000001   hdYjzCxRQfiiHgBCRW8Fcg   1   0          6            0     30.8kb         30.8kb
green  open   .apm-custom-link                 -WG7bYkKSbyZP-Lzg0pSBw   1   0          0            0       208b           208b
green  open   .kibana_task_manager_1           b7A64Ud7TnCXgBl9xfLVIw   1   0          5            4     21.2kb         21.2kb
green  open   .apm-agent-configuration         P38q3cudSsi3CHnwcxGPMQ   1   0          0            0       208b           208b
green  open   .kibana_1                        inf5hoxqSjO5zI_WFuDP9w   1   0       1509           11        1mb            1mb
yellow open   filebeat-7.8.0-2020.07.17-000001 O9X2zfECT7SEN1a9kUi1LQ   1   1       1607            0    364.1kb        364.1kb
```
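One check worth running when an index holds documents but Discover stays empty is whether the `@timestamp` range of those documents actually falls inside the time window Discover is showing. The script below is an added example, not code from the post above or from Filebeat: it builds the aggregation query you would paste into Dev Tools against `filebeat-*`, and evaluates a constructed sample response (the timestamps and the 1607 count are made up to match the index name in the question) against a given time-picker window.

```python
from datetime import timedelta, datetime


def timestamp_range_query():
    """Body for `GET filebeat-*/_search` in Dev Tools: no hits, only the
    oldest and newest @timestamp across the whole index."""
    return {
        "size": 0,
        "aggs": {
            "oldest": {"min": {"field": "@timestamp"}},
            "newest": {"max": {"field": "@timestamp"}},
        },
    }


def _parse_es_time(value):
    # Elasticsearch renders dates as ISO 8601 with a trailing Z; make it an aware UTC datetime
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def discover_window_covers_data(response, now_iso, window_minutes):
    """True if the [now - window, now] range shown by Discover's time picker
    overlaps the @timestamp range returned for timestamp_range_query()."""
    aggs = response["aggregations"]
    oldest = _parse_es_time(aggs["oldest"]["value_as_string"])
    newest = _parse_es_time(aggs["newest"]["value_as_string"])
    now = _parse_es_time(now_iso)
    window_start = now - timedelta(minutes=window_minutes)
    return oldest <= now and newest >= window_start


# Constructed sample response (not from the poster's cluster): 1607 docs whose
# timestamps all fall on 2020-07-17, the day in the index name.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 1607, "relation": "eq"}, "hits": []},
    "aggregations": {
        "oldest": {"value": 1594944000000.0, "value_as_string": "2020-07-17T00:00:00.000Z"},
        "newest": {"value": 1594972800000.0, "value_as_string": "2020-07-17T08:00:00.000Z"},
    },
}

if __name__ == "__main__":
    # Pretend we open Kibana two days after the last event was ingested
    now_iso = "2020-07-19T09:00:00.000Z"
    for label, minutes in (("last 15 minutes", 15), ("last 7 days", 7 * 24 * 60)):
        ok = discover_window_covers_data(SAMPLE_RESPONSE, now_iso, minutes)
        print(f"{label}: {'data visible' if ok else 'window misses the data'}")
```

If the default "last 15 minutes" window misses the data while a wider one covers it, the events are being indexed but Discover is simply not looking at the interval they carry.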