Non-zero metrics in the last 30s: libbeat.es.call_count.PublishEvents=4 libbeat.es.published_and_acked_events=61 libbeat.publisher.messages_in_worker_queues=4 libbeat.es.publish.write_bytes=37185 libbeat.es.publish.read_bytes=1582 libbeat.publisher.published_events=61
I cannot configure packetbeat to send to elasticsearch.
I cannot configure the packet transmission to send to elasticsearch. Kibana shows DNS queries, the search by reference
I apologize. The data does indeed arrive in elasticsearch, but I do not understand where. Where can I look, and which configuration and logs do I need to post? I am trying to understand how the data is transmitted to elasticsearch, as a file and in what format, where it is transformed into JSON records, and where in general it is stored.
I was also confounded by this "non-zero metrics in the last 30s" message and thought packetbeat was not able to read network traffic, because I did not see indices being created in kibana. However, after a night's sleep, I realized that Kibana's Index Patterns list does not auto-discover new indices! I run ES on AWS, AWS reported packetbeat indices.
TL;DR Kibana's management GUI is not a good tool for checking if your beats are creating new indices.
Check out the elasticsearch docs for the API to query data and indices. The API commands can also be run from kibana.
Accessing http://elasticsearch-host:9200/_cat/indices?pretty should get you a list of available indices. Check for packetbeat-* indices being available. In kibana you will have to configure an index pattern packetbeat-*, to access these data from kibana UI.
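The check described in the replies above, as an added example that is not part of the original thread: it compares the acked-event counter from the packetbeat metrics line with the document counts that `_cat/indices` reports for `packetbeat-*`. The response body, the dated index names and the status labels are constructed for illustration; `format=json` and `h=` are standard `_cat` API parameters.

```python
import json
import re
from fnmatch import fnmatch

# Excerpt of the metrics line quoted in the first post.
METRICS_LINE = (
    "Non-zero metrics in the last 30s: libbeat.es.call_count.PublishEvents=4 "
    "libbeat.es.published_and_acked_events=61 libbeat.publisher.published_events=61"
)

# Constructed sample of the body returned by
#   GET http://elasticsearch-host:9200/_cat/indices?format=json&h=index,docs.count
SAMPLE_CAT_INDICES = json.dumps([
    {"index": ".kibana", "docs.count": "2"},
    {"index": "packetbeat-2017.05.10", "docs.count": "61"},
    {"index": "packetbeat-2017.05.09", "docs.count": None},  # closed index
])


def parse_metrics(line):
    """Turn the name=value pairs of a libbeat metrics line into a dict of ints."""
    return {name: int(value) for name, value in re.findall(r"([\w.]+)=(\d+)", line)}


def beat_indices(cat_json, pattern="packetbeat-*"):
    """Map each index matching the pattern to its document count (0 if closed)."""
    return {
        row["index"]: int(row["docs.count"] or 0)
        for row in json.loads(cat_json)
        if fnmatch(row["index"], pattern)
    }


def diagnose(metrics_line, cat_json, pattern="packetbeat-*"):
    """Return (status, total_docs, index_names); status labels are illustrative."""
    acked = parse_metrics(metrics_line).get("libbeat.es.published_and_acked_events", 0)
    indices = beat_indices(cat_json, pattern)
    docs = sum(indices.values())
    if acked == 0:
        status = "not-shipping"            # Elasticsearch acknowledged nothing
    elif docs == 0:
        status = "acked-but-no-documents"  # events acked, no matching index has docs
    else:
        status = "stored"                  # data is there; add the Kibana index pattern
    return status, docs, sorted(indices)


if __name__ == "__main__":
    print(diagnose(METRICS_LINE, SAMPLE_CAT_INDICES))
```

A result of `stored` with no data visible in Kibana points to the missing `packetbeat-*` index pattern rather than to a shipping problem.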