Not getting logs

Hi All,

I am new to the ELK thing. I want to get an alert whenever there is a failed SSH attempt on a number of servers. I am able to get the alert whenever there is a failed attempt and the log has reached Kibana. However, the problem is that for most of the failed attempts the logs are not showing up in Kibana, which is why my query is also not working and I am not getting the alerts. I am using Filebeat.

Could someone please guide what am I missing?

Hi @nvnitt. Do you see the logs you're looking for if you query Elasticsearch directly? If not then the problem is likely between Filebeat and ES.

No, the logs are not showing up in the Discover tab. Only a few SSH logs are there.

If you query Elasticsearch directly, without Kibana, do you see the logs though?
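As an added example (not code from the thread or from Elastic), the script below does two things the replies above point at: it parses sshd auth-log lines into failed-login events so you can see which message formats a "failed attempt" actually comes in, and it builds the query body you would send to Elasticsearch directly, bypassing Kibana, to check whether those events were indexed at all. The log lines are constructed for the example; the `filebeat-*` index pattern and the use of the default `message` and `@timestamp` fields are assumptions about a stock Filebeat setup.

```python
import re
from collections import Counter

# Constructed sample auth.log lines (not from the original thread).
SAMPLE_LOG = """\
Mar 10 08:12:01 web01 sshd[2231]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar 10 08:12:03 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar 10 08:12:05 web01 sshd[2240]: Invalid user test from 203.0.113.5 port 51250
Mar 10 08:12:07 web01 sshd[2245]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2: ED25519 SHA256:xxxx
Mar 10 08:12:09 db01 sshd[911]: Failed password for oracle from 203.0.113.9 port 33000 ssh2
Mar 10 08:12:10 db01 sshd[915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.9  user=oracle
Mar 10 08:12:12 web01 sshd[2250]: Connection closed by authenticating user root 203.0.113.5 port 51260 [preauth]
"""

# Standard syslog prefix: timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

# sshd reports a failed login in several different message shapes. A query
# that only matches "Failed password" never sees the other three, which is one
# common reason an alert fires for some failed attempts and not for others.
FAILURE_PATTERNS = [
    ("failed_password", re.compile(
        r"^Failed (?:password|publickey|none) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("invalid_user", re.compile(r"^Invalid user (?P<user>\S*) from (?P<src>\S+)")),
    ("pam_failure", re.compile(r"authentication failure;.*rhost=(?P<src>\S+)\s+user=(?P<user>\S+)")),
    ("preauth_close", re.compile(
        r"^Connection closed by authenticating user (?P<user>\S+) (?P<src>\S+) port \d+ \[preauth\]")),
]


def parse_failed_ssh(text):
    """Return one dict per failed-auth event: ts, host, src, user, kind."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        for kind, pat in FAILURE_PATTERNS:
            f = pat.search(m.group("msg"))
            if f:
                events.append({
                    "ts": m.group("ts"),
                    "host": m.group("host"),
                    "src": f.group("src"),
                    "user": f.group("user") or "<none>",
                    "kind": kind,
                })
                break  # one event per line
    return events


def threshold_alerts(events, threshold):
    """(host, source IP) pairs with at least `threshold` failed attempts."""
    counts = Counter((e["host"], e["src"]) for e in events)
    return {key: n for key, n in counts.items() if n >= threshold}


def es_failed_ssh_query(minutes=15):
    """Query DSL body for checking Elasticsearch directly, e.g.
    curl -s -H 'Content-Type: application/json' \
      'http://localhost:9200/filebeat-*/_search' -d @query.json
    If this returns hits but Kibana Discover shows nothing, the problem is the
    Kibana index pattern or time picker; if it returns nothing, the gap is
    between Filebeat and Elasticsearch. Field names assume default Filebeat output.
    """
    return {
        "size": 50,
        "sort": [{"@timestamp": "desc"}],
        "query": {"bool": {
            "filter": [{"range": {"@timestamp": {"gte": f"now-{minutes}m"}}}],
            "should": [
                {"match_phrase": {"message": "Failed password"}},
                {"match_phrase": {"message": "Invalid user"}},
                {"match_phrase": {"message": "authentication failure"}},
                {"match_phrase": {"message": "Connection closed by authenticating user"}},
            ],
            "minimum_should_match": 1,
        }},
    }


if __name__ == "__main__":
    evs = parse_failed_ssh(SAMPLE_LOG)
    for e in evs:
        print(f"{e['ts']} {e['host']} {e['kind']:16} user={e['user']} src={e['src']}")
    print("alerts (>=3 failures):", threshold_alerts(evs, 3))
```

Running it on the constructed lines yields six failure events of four different kinds from seven log lines, and a threshold of three fires for `web01` from `203.0.113.5` only. Comparing the count your local parser produces against the hit count of the direct Elasticsearch query for the same window is a quick way to tell whether events are being dropped before indexing or merely hidden by the Kibana view.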
