How to see if filebeat data is being sent to logstash

logstash filebeat
34,572

If you followed the official Filebeat getting started guide and are routing data from Filebeat -> Logstash -> Elasticearch, then the data produced by Filebeat is supposed to be contained in a filebeat-YYYY.MM.dd index. It uses the filebeat-* index instead of the logstash-* index so that it can use its own index template and have exclusive control over the data in that index.

So in Kibana you should configure a time based index pattern based on the filebeat-* index pattern instead of logstash-*. Alternatively you could run the import_dashboards script provided with Filebeat and it will install an index pattern into Kibana for you. The path to the import_dashboards script may vary based on how you installed Filebeat. This is for Linux when installed via RPM or deb.

/usr/share/filebeat/scripts/import_dashboards -es http://localhost:9200

You can check if data is contained in a filebeat-YYYY.MM.dd index in Elasticsearch using a curl command that will print the event count.

curl http://localhost:9200/filebeat-*/_count?pretty

And you can check the Filebeat logs for errors if you have no events in Elasticsearch. The logs are located at /var/log/filebeat/filebeat by default on Linux. You can increase verbosity by setting logging.level: debug in your config file.

Share:
34,572

Related videos on Youtube

Celi Manu
Author by

Celi Manu

Data Scientist, Programmer, Photographer

Updated on September 18, 2022

Comments

  • Celi Manu
    Celi Manu over 1 year

    When I open up Kibana interface, I get an error to configure index when logstash-* is entered as a query:

    kibana error: please specify a default index pattern

    How can I see if filebeat is sending logs to logstash? I followed the filebeat and ELK stack tutorials exactly. I can see data when I enter in filebeat-* into Kibana, but nothing when I enter in logstash-* into Kibana.

    • Admin
      Admin over 7 years
      If you post the actual error message, someone might be able to help you with that.
    • Admin
      Admin over 7 years
      @AlainCollins I inserted the message into my post
  • Celi Manu
    Celi Manu over 7 years
    Thanks Alain. How do I "crank up debugging" in filebeat?
  • Alain Collins
    Alain Collins over 7 years

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

cannot validate certificate - doesn't contain any IP SAN
Filebeat can't connect to logstash on another server
Tags index with filebeat and logstash
Elasticsearch: No handler for type [keyword] declared on field [hostname]
check if a string starts with number using regular expression
INFO No non-zero metrics in the last 30s message in filebeat
How should I use sql_last_value in logstash?
Filebeat "error loading config file: yaml: did not find expected key"
Logstash with multiple kafka inputs
logstash run all config files on start/restart