Hello all,
I am using Kibana-elasticsearch-filebeat 6.0.0. After the installation and configuration I managed to enter Kibana and I can perfectly see all the desired logs in the "Discover" tab. But for some reason I can't see anything in the "Dashboard" regardless of which Filebeat module I pick (tried System as that's the one I enabled).
I'm on version 6.0.1, but I've got something similar as well. The fileset.module for both apache2 and nginx (along with the access fileset.name) works just fine.
The system fileset module, along with the syslog and auth fileset.name fields are not being shown. This is despite having C&P'ed the example logstash filter from the logstash documentation (the example filter for apache2 worked just fine).
I've configured the paths in the system.yml within the modules.d directory and the apache2.yml paths. Apache2? fileset names and modules no problem. System along with syslog and auth? not there. The logs are there, just not the sorting.
Edit: I believe - at least for my problem - the issue is with logstash. If I configure the modules and have filebeat output go to elasticsearch directly rather than logstash, the system fileset.module and fileset.name DO appear.
Edit-2: Filebeat modules work via output to elasticsearch when filebeat is running on the same server that's hosting elasticsearch. Filebeat modules do not work when output through logstash to elasticsearch, but the log is recorded in the index. Filebeat modules do not work when connecting to elasticsearch remotely AND are not recorded into the index at all.
Looks like the issue was solved after some basic rsyslog configuration and a restart of the rsyslog service. For some reason I didn't see any note on the site to verify that.
I uncommented the tcp and udp configuration and restarted the service.
BTW, when working with filebeat the logs are actually saved twice: first in /var/log/syslog and then in elastic. Perhaps it's better to use logstash instead of filebeat here and somehow just forward the logs to elasticsearch without saving?