Not getting logs


(navnitt) #1

Hi All,

I am new to ELK. I want to get an alert whenever there is a failed SSH attempt on a number of servers. I am able to get the alert whenever there is a failed attempt and the log reaches Kibana. However, the problem is that for most of the failed attempts, the logs are not showing up in Kibana, which is why my query is also not working and I am not getting the alerts. I am using Filebeat.

Could someone please guide what am I missing?


(Matt Bargar) #2

Hi @nvnitt. Do you see the logs you're looking for if you query Elasticsearch directly? If not then the problem is likely between Filebeat and ES.


(navnitt) #3

No, the logs are not showing up in the Discover tab. Only a few SSH logs are there.


(Matt Bargar) #4

If you query Elasticsearch directly, without Kibana, do you see the logs though?
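As an added example (not code from anyone in this thread): a small Python script that counts failed-password lines in a constructed sshd log sample, builds the Elasticsearch query body you would send directly to ES as Matt suggests, and compares the local count with the indexed count to tell whether the gap is between Filebeat and ES. The index pattern `filebeat-*` and the status strings are assumptions.

```python
import json
import re

# Constructed sample of /var/log/auth.log-style sshd lines (not real hosts).
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 web1 sshd[2112]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:04 web1 sshd[2112]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:15:09 web1 sshd[2130]: Accepted publickey for deploy from 198.51.100.20 port 40012 ssh2
Mar  3 10:15:12 web1 sshd[2140]: Failed password for root from 198.51.100.55 port 40100 ssh2
"""

# Matches the standard OpenSSH failed-password message, with or without "invalid user".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def failed_ssh_attempts(log_text):
    """Return a list of (user, source_ip) tuples, one per failed-password line."""
    attempts = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            attempts.append((m.group("user"), m.group("ip")))
    return attempts


def count_by_source(attempts):
    """Aggregate failed attempts per source IP (what the alert would key on)."""
    counts = {}
    for _, ip in attempts:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


def es_failed_ssh_query(since="now-15m"):
    """Query body to POST to <es>/filebeat-*/_count (assumed index pattern),
    bypassing Kibana so the indexed count can be checked directly."""
    return {"query": {"bool": {
        "must": [{"match_phrase": {"message": "Failed password"}}],
        "filter": [{"range": {"@timestamp": {"gte": since}}}]}}}


def diagnose(local_count, es_count):
    """Compare lines seen on the host with hits returned by Elasticsearch."""
    if es_count >= local_count:
        return "ok"                # everything reached ES; look at the Kibana query instead
    if es_count == 0:
        return "none-indexed"      # nothing arrived: Filebeat -> ES path is broken
    return "partial"               # some lines dropped between Filebeat and ES


if __name__ == "__main__":
    local = failed_ssh_attempts(SAMPLE_AUTH_LOG)
    print(count_by_source(local))
    print(json.dumps(es_failed_ssh_query(), indent=2))
```

Run the printed query body with curl against port 9200 and feed the returned `count` into `diagnose()` alongside the local count.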