Questions tagged [elastic-beats]

81 questions
1
vote
1 answer

Parsing module for Elasticsearch logs

There are a variety of logs generated from Elasticsearch (elasticsearch_index_indexing_slowlog.log, elasticsearch.log, elasticsearch_index_search_slowlog.log, etc.). Is there any module in the beats world, or plugins for Logstash which can parse…
Arun Mohan
0
votes
0 answers

Capture network interface name with Packetbeat

With Packetbeat on Linux, the packetbeat.interfaces.device: any configuration captures all messages sent or received by the server where Packetbeat is installed. I want to distinguish the messages captured by the interface over which they were…
0
votes
0 answers

Elasticsearch filebeat failed to start

I have been struggling for quite some time with my filebeat setup. I have installed filebeat 7.10 on an Ubuntu instance. Somehow part of the logs were sent to my cluster, but now when I check the systemctl status it always says failed, regardless of…
Terchila Marian
0
votes
0 answers

How to monitor Publish and Delivery Rate of messages in RabbitMQ Queues using Metricbeat?

I am trying to monitor the publish and delivery rate of messages in RabbitMQ using Metricbeat, but I can't find any Metricbeat field that provides these metrics. I have already configured Metricbeat to monitor my RabbitMQ instance and I am able to…
0
votes
1 answer

Observability section not visible in ELK Open Distro 1.13.3

I am using Open Distro 1.13.3, Kibana v7.10.2, but I am unable to see the observability section in Kibana. I am trying to implement HeartBeat and use uptime to monitor URLs but am unable to see the observability section. Any idea what could be the reason…
Navin
0
votes
0 answers

AuditBeat: How to get resolved symbolic links in published event output?

I am using AuditBeat to monitor filesystem operations performed in an external application and a specific root path, e.g.: /var/myapp/myroot Configuration AuditBeat version: 7.14.1 auditd module enabled OS: centos7 Output: Kafka Event publishing…
Henrik Steudel
0
votes
1 answer

Recommended Docker Image Architecture

We have a "few" applications we want to run in a docker container. Our initial attempt created a "base image" that served as the basis for the different application images. It contained the base Linux OS, jdk, etc. Now we are looking at adding…
Mike Rother
0
votes
0 answers

Apache NiFi processor ListenBeats doesn't work correctly

I'm shipping Windows events using ListenBeats in NiFi with winlogbeat; when the data arrives, it is duplicated in 2 FlowFiles. I don't know why. This is the winlogbeat configuration I'm using: winlogbeat.event_logs: name: Microsoft-Windows-Windows…
IamYipi
0
votes
0 answers

Linux Auditd monitoring of file operations in mounted folder

I have a multi-node Kubernetes cluster and I would like to monitor file operations that are made by containers in a mounted persistent volume. I found that all the PV data are located at nodes in…
0
votes
0 answers

Elastic beat not working if installed as docker container

I can install the beat service manually as a Windows service (services.msc). When I tried to install it as a docker image (https://www.elastic.co/guide/en/beats/metricbeat/current/running-on-docker.html), system module (host machine data), iis module (from…
0
votes
1 answer

Is Elastic/Metricbeats suitable for process monitoring and alerting?

Do you use Elastic and Metricbeats for process monitoring and alerting? How did you configure your data gathering and alerting? I am currently trying to set this up, and running into some basic issues. These issues are making me question whether…
0
votes
1 answer

Remove ECS data from metricbeat for smaller documents

I use the graphite beat to get graphite protocol metrics into es. The metric document is much bigger than the metric data itself (timestamp, value, metric name). I also get all the ECS data inserted and I think it will make my queries much slower…
idan ahal
0
votes
1 answer

Filebeat is not forwarding nginx ingress controller logs

Filebeat 7.12.1, ECK operator 2.2. I'm trying to set up Filebeat for the Nginx-ingress access logs in my ECK stack (installed in GKE). I can access the logs directly in the pod but nothing is coming to my Kibana dashboard. I have set up two…
0
votes
1 answer

decode_json_fields not moving data to root

We are using Winlogbeat to collect Event logs but rather than pull the data out of the winlog field, I want to move all the contents into the root field, which will help me automatically generate the fields I need. processors: -…
IsaacK
0
votes
1 answer

Where does Beats send the data?

I have a theoretical question about Beats. If I understand correctly, Logstash allows you to easily parse the received data and ingest it to ElasticSearch. So my question is, does Beats send the retrieved information directly to a Logstash profile or…