Highest Voted 'filebeat' Questions - Server Fault Stack Exchange

4

votes

4 answers

How to see if filebeat data is being sent to logstash

When I open up Kibana interface, I get an error to configure index when logstash-* is entered as a query: kibana error: please specify a default index pattern How can I see if filebeat is sending logs to logstash? I followed the filebeat and ELK…

logstash filebeat

asked Jan 18 '17 at 02:03

Celi Manu

161
1
1
5

3

votes

1 answer

Why is this exclude_lines in filebeat excluding all logs?

I'm using ELK Stack, and I've got it working pretty well for most of my servers. The exception is that I have a gitlab server that has a ping to/from a gitlab-ci server that happens in the gitlab-access log. This happens every second, and I'd like…

elasticsearch logstash kibana filebeat

asked Feb 07 '18 at 14:08

trueCamelType

1,016
5
19
41

3

votes

2 answers

Different extractors for the same Graylog input?

I'm using Graylog's sidecar functionality with Filebeat to pickup a number of different log files off my server, including Syslog, Nginx and Java App. All of these flow into the same Graylog input for Beats (I tried to supply multiple inputs,…

logging graylog data-extraction filebeat

asked Oct 12 '16 at 17:00

Jon

632
5
12

2

votes

0 answers

Error while enrolling: empty access_token

I have successfully installed a full ELK Docker stack including Filebeat. When I want to enroll a Filebeat instance, I get the following error: Error while enrolling: empty access_token According to the source, the error can be anything, if the…

kibana filebeat

asked Dec 02 '19 at 18:07

Daniel W.

1,439
4
23
46

2

votes

0 answers

Parsing JSON event in Logstash

I have log in following format, it is a plain json with nested fields. { "level": "info", "message": { "req": { "headers": { "host": "localhost:8080", "connection": "keep-alive", …

elasticsearch logstash json elk filebeat

asked Mar 12 '19 at 09:22

vkpro

21
1
2

2

votes

1 answer

Filebeat can't connect to logstash on another server

Filebeat (11.11.11.11) can't connect to logstash (22.22.22.22) on another server (connection reset by peer). But filebeat services from other servers can do it. Also I can connect from this server(11.11.11.11) using telnet to this port (telnet…

elasticsearch logstash kibana elk filebeat

asked May 09 '18 at 11:11

Dmitry

179
1
2
8

2

votes

0 answers

filebeat makes a lot of I/O

We have filebeat on few servers that is writeing to elasticsearch. We can see that it is doing a lot of writes: PID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND 353 be/3 root 0.00 B/s 4.52 K/s 0.00 % 0.55 %…

linux amazon-ec2 amazon-ebs elk filebeat

asked Apr 17 '18 at 08:41

usterk

121
1
4

2

votes

1 answer

ELK logstash and core grok patterns

I'm evaluating the ELK stack with filebeat & logstash across a diverse range of applications/ servers. I understand the power of customising my own grok patterns for each application/log, but to get running initially it seems very inefficient to…

logstash kibana elk filebeat

asked Jan 18 '18 at 17:14

Dan Poltawski

141
1
3

1

vote

1 answer

cannot validate certificate - doesn't contain any IP SAN

I am currently in the process of installing ELK ( ElastricSearch, LogStash & Kibana) stack. My ELK server IP address is 172.29.225.32. Elastic Search config is :: # ---------------------------------- Network ----------------------------------- # #…

openssl elasticsearch logstash elk filebeat

asked Jun 09 '17 at 13:52

Jason Stanley

185
1
11

1

vote

0 answers

Why does syslog create a user.log instead using syslog.log?

I have experienced something a bit weird for me. I have filebeat monitoring my rsyslog (syslog.log) file and sending it to my logstash. I have noticed that after restarting filebeat where syslog is running, syslogs creates a new file user.log under…

syslog rsyslog elasticsearch syslogd filebeat

asked Nov 15 '16 at 16:27

ndarkness

193
1
7

1

vote

0 answers

Suricata / Filebeat / ELK - iptables tee - Create virtual hosts

I have an IDS setup as follow: Hardware / interfaces WAN <----(brwan)> ROUTER / AP <(br0)----> LAN \ -----(eth1)> | \ | IDS…

iptables elasticsearch ids filebeat suricata

asked Jul 08 '22 at 09:35

Gabriel ROUSSEAU

11
1

0

votes

1 answer

Integrating nginx logs and elasticsearch app-search

I'm trying to setup a self-managed docker appsearch instance, together with kibana and elasticsearch, queried by a uvicorn python app, proxied by a nginx webserver My current issue is that the appsearch logs show the python default user-agent and IP…

nginx logging elasticsearch kibana filebeat

asked Jan 13 '20 at 20:20

Niloct

101
4

0

votes

1 answer

Mapping fields from a beats log message in graylog

this is a slightly rephrased version of: Whos is eating my fields? (or: how do I get more of the custom fields from my beats message into graylog) i am using filebeat to collect logs from a bunch of docker containers, and then ship them to a…

graylog filebeat

asked Nov 20 '18 at 10:52

rmalchow

176
6

0

votes

1 answer

Can't find docker log files for Filebeat

I'm trying to aggregate logs from my Kubernetes cluster into Elasticsearch server. To do that, I've deployed Filebeat on the cluster, but I think it doesn't have a chance to work since in the /var/lib/docker/containers directories, there are no…

docker kubernetes elasticsearch filebeat

asked Oct 20 '18 at 16:18

Djent

89
4
15

0

votes

2 answers

Kibana @timestamp mapping & filter

I'm using following system/package: $ cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) $ rpm -q filebeat filebeat-1.3.0-1.x86_64 $ with /etc/filebeat/filebeat.yml: $ cat /etc/filebeat/filebeat.yml filebeat: prospectors: - …

elasticsearch logstash logstash-forwarder filebeat

asked Sep 08 '16 at 14:50

alexus

12,342
27
115
173

Questions tagged [filebeat]