Non-zero metrics in the last 30s

korsdecaying · March 12, 2017, 11:03am

Non-zero metrics in the last 30s: libbeat.es.call_count.PublishEvents=4 libbeat.es.published_and_acked_events=61 libbeat.publisher.messages_in_worker_queues=4 libbeat.es.publish.write_bytes=37185 libbeat.es.publish.read_bytes=1582 libbeat.publisher.published_events=61

I can not configure the packetbeat to send elasticsearch.

I can not configure the packet transmission to send elasticsearch.Kibina shows DNS queries, the search by reference

http://localhost:9200/packetbeat-*/_search?pretty
does not show the requests (more accurately it shows static 3 DNS requests although the traffic passes)
Maybe I'm using the wrong link

/etc/packetbeat/packetbeat.yml

packetbeat.interfaces.device: 0
packetbeat.protocols.dns:
ports: [53]
include_authorities: true
include_additionals: true

output.elasticsearch:
hosts: ["localhost:9200"]

steffens · March 13, 2017, 7:16am

The log output clearly states events being successfully published to Elasticsearch.

Can you clearify what you're trying to do? Please share more complete configuration and logs. Use the </> button for format logs/configs.

korsdecaying · March 17, 2017, 5:13pm

I apologize. Indeed the data comes in elasticsearch, but I do not understand where. Where it is possible to look and what configuration and logs it is necessary to throw off? I try to understand as there is a data transmission in elasticsearch a file and in what format where it is transformed in json records and where in general it is stored

jnmoore · March 17, 2017, 5:53pm

I was also confounded by this "non-zero metrics in the last 30s" message and thought packetbeat was not able to read network traffic, because I did not see indices being created in kibana. However, after a night's sleep, I realized that Kibana's Index Patterns list does not auto-discover new indices! I run ES on AWS, AWS reported packetbeat indices.

TL;DR Kibana's management GUI is not a good tool for checking if your beats are creating new indices

steffens · March 27, 2017, 5:15pm

check out the elasticsearch docs for API to query data and indices. The API commands can also be run from kibana.

Accessing http://elasticsearch-host:9200/_cat/indices?pretty should get you a list of available indices. Check for packetbeat-* indices being available. In kibana you will have to configure an index pattern packetbeat-*, to access these data from kibana UI.

system · April 24, 2017, 5:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.