Upgrading Kibana 7.17.6 to 8.12.2 and not logs Index

After upgrading Kibana 7.17.6 to 8.12.2, Kibana does not logs. Why?
There were no problems before the migration. The indexes were downloading.

Hi,
in In Kibana 7.17.6 I collected logs correctly.
After upgrading to version 8.12.2, the logs do not appear.
What's the problem. I'm downloading logs from an application on IIS.

  "Logging": {
    "Serilog": {
      "WriteTo": [
        //useful for debugging
        //{ "Name": "Console" },
        {
          "Args": {
            "nodeUris": "http://192.168.0.8:9200/",
            "indexFormat": "logstash-log-{0:yyyy.MM.dd}"
          }
        }
      ]
    }
  },

In
journalctl -u logstash.service


[logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"Connect to localhost:9200 [localhost/127.0.0.1] failed: Connection refused", :exc>
[logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://localhost:9200/", :exception=>Lo>

Some guesses:

If you upgraded to ES 8.12.2, it might be secured by default.
Using https instead of http so http://192.168.0.8:9200 might be wrong.
Also you may have to provide somewhere a login and password or the api key. I'd check serilog documentation to learn what you need to do when upgrading ES.

I guess also you are talking about the Elasticsearch upgrade, right? Not specifically Kibana upgrade. I moved the discussion to Elasticsearch as the endpoint is Elasticsearch...

Hi,
in kibana 7 there was a logging.dest setting and logs from serilog were visible in kibana 7, after upgrading to kibana 8 no logs are visible, logging.dest is no longer in the configuration file. So how can we make the patterns visible again and load into the kibana 8?

You have to fix the logstash error.

This is last log:

Mar 18 14:49:13 server001 logstash[3691324]: [2024-03-18T14:49:13,578][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pip>
Mar 18 14:49:16 server001 logstash[3691324]: [2024-03-18T14:49:16,013][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>2.43}
Mar 18 14:49:16 server001 logstash[3691324]: [2024-03-18T14:49:16,048][INFO ][logstash.inputs.beats    ][main] Starting input listener {:address=>"0.0.0.0:5044"}
Mar 18 14:49:16 server001 logstash[3691324]: [2024-03-18T14:49:16,104][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
Mar 18 14:49:16 server001 logstash[3691324]: [2024-03-18T14:49:16,227][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
Mar 18 14:49:16 server001 logstash[3691324]: [2024-03-18T14:49:16,556][INFO ][org.logstash.beats.Server][main][1dee5366b9527b60282b29e17be395914523d3573550bcb2f6a503906a5fce27] Starting server on port: 5044
Mar 18 14:49:19 server001 logstash[3691324]: [2024-03-18T14:49:19,483][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://192.168.0.8:9200/"}
Mar 18 14:49:19 server001 logstash[3691324]: [2024-03-18T14:49:19,633][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch version determined (8.12.2) {:es_version=>8}
Mar 18 14:49:19 server001 logstash[3691324]: [2024-03-18T14:49:19,633][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>8}
Mar 18 14:49:27 server001 logstash[3691324]: [2024-03-18T14:49:27,604][INFO ][logstash.outputs.elasticsearch][main] Using a default mapping template {:es_version=>8, :ecs_compatibility=>:v8}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.