Questions tagged [elk]

Questions about the ELK stack, which gives you the ability to aggregate logs from all your systems and applications, analyze these logs and create visualizations.

ELK is a stack of three open source projects: Elasticsearch, Logstash, and Kibana.

1095 questions
2 votes, 0 answers

Error establishing direct connection to mongo node at [ip:port]. Error output: no reachable servers and SASL

I am using MongoDB with a replica set. When I am trying to create a Metricbeat MongoDB module, I am not sure how to give a URL. I don't understand how to solve it. When uncommenting the ssl.verification_mode: 'none', I then get "no reachable servers…
devopshulk
2 votes, 1 answer

Kibana not showing large text

I have a CSV that has a very large value in URL (some gibberish values). The text exceeds even 30 lines in an editor. Kibana shows only a portion of that text (probably due to some display settings), even if I select the correct column. The text in…
nav33n
2 votes, 0 answers

Cannot load the dashboard to Kibana

I tried various ways to fix this issue without any success. Step - edit the metricbeat YAML and edit the kibana host Index setup finished. Loading dashboards (Kibana must be running and reachable) Exiting: error connecting to Kibana: fail to…
IOT Test
2 votes, 1 answer

Logstash fails to stream data to ES - Elasticsearch appears to be unreachable or down

I have encountered a very frustrating error and I don't manage to resolve it. I am trying to stream data with Logstash from SQL Server to ES, but I am getting the following error: Attempted to send a bulk request to elasticsearch' but…
globus1988
2 votes, 1 answer

Elastic Search Hot/Warm/Cold architecture

We are planning to implement hot and cold architecture by allocating shards to different nodes tagged with hot/warm/cold. I want to understand more about the performance benefits of this architecture. Let's say I move the last 15 days of my indices to hot…
Sumit Nekar
2 votes, 2 answers

How to remove particular lines from input file if starts with special character in logstash

I am trying to remove all the lines starting with < in my input file in Logstash. I tried the below filter but with no success. I am new to ELS stack, please pardon if it has already been answered. Sample Input lines Thread #1: t@-1680123584, lwp=22843,…
2 votes, 1 answer

How to show multiple servers' logs in Kibana separately from each other

I have installed ELK on my Ubuntu server and installed Filebeat on remote server-A and server-B. I have configured Logstash to receive data from Filebeat and forward them to Elasticsearch. Both servers' logs are showing in…
huzaifa224
2 votes, 0 answers

How to send logs from multiple servers to ELK server

I have a server on which ELK is installed. On the other end I have 2 source servers which are sending logs to the ELK server through Filebeat. But the issue is both servers' logs are showing on the same page in Kibana, which is too complicated to identify which log is…
2 votes, 0 answers

How to use wildcard in elastalert rules

I need help in ELASTALERT. I have a log message like this: log.info("Server is started at "+LocalDateTime.now()); and I need to write a query in a rule for it. I am writing it as - query: query_string: query: "message: *Server is*" It…
user14748001
2 votes, 1 answer

Sending filebeat outputs via http

I have a filebeat instance reading a log file, and there is a remote http server that needs to receive the log outputs via rest api calls. For now I'm sending filebeat outputs to logstash, and make logstash do some filtering and passing the log the…
2 votes, 1 answer

How to escape special character Restful API query string in JAVA

I try to modify existing query string to filter specified condition: now query string is below: String bodycontent="{" +" \"_source\":…
Howard
2 votes, 1 answer

Elasticsearch ILM not rolling

I have configured my ILM to rollover when the index size is 20GB or after passing 30 days in the hot node, but my index passed 20GB and still didn't pass to the cold node, and when I run: GET _cat/indices?v I get: green open …
abdelhalim
2 votes, 2 answers

Filebeat automatically stops without kill

I use Filebeat with ELK. I started it with the nohup command: nohup ./filebeat -e -c filebeat.yml -d "publish" > filebeat.log & The application stopped automatically after one day. The close_inactive parameter does not work. Is there any configuration that I…
2 votes, 1 answer

Elasticsearch unassigned shards CircuitBreakingException[[parent] Data too large

I got an alert stating Elasticsearch has 2 unassigned shards. I made the below API calls to gather more details. curl -s http://localhost:9200/_cluster/allocation/explain | python -m json.tool Output below "allocate_explanation": "cannot allocate…
Gokul
2 votes, 1 answer

Bucket sort in composite aggregation?

How can I do Bucket Sort in composite Aggregation? I need to do Composite Aggregation with Bucket sort. I have tried Sort with aggregation. I have tried composite aggregation.
Sanker