Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexey2019-03-21 09:07:10
elasticsearch
Alexey, 2019-03-21 09:07:10

ELK Why No results found?

Hello! Tell me how to properly configure the collection and visualization of logs with Apache, which runs on a Windows machine?
filebeat config is like this:

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - C:\opt\Apache24\logs\*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true
setup.template.settings:
  index.number_of_shards: 3
setup.kibana:
  host: "http://192.168.100.38"  
  username: user
  password: "pass"
output.elasticsearch:
  hosts: ["192.168.100.38:9200"]
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~

command filebeat.exe modules list
Enabled:
apache2
On the server:
/etc/logstash/conf.d/10-apache-filter.conf
filter {
   if [type] in [ "apache" , "apache_access" , "apache-access" ]  {
      grok {
         match => [
         "message" , "%{COMBINEDAPACHELOG}+%{GREEDYDATA:extra_fields}",
         "message" , "%{COMMONAPACHELOG}+%{GREEDYDATA:extra_fields}"
         ]
         overwrite => [ "message" ]
      }
      mutate {
         convert => ["response", "integer"]
         convert => ["bytes", "integer"]
         convert => ["responsetime", "float"]
      }
      geoip {
         source => "clientip"
         target => "geoip"
         add_tag => [ "apache-geoip" ]
      }
      date {
         match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
         remove_field => [ "timestamp" ]
      }
      useragent {
         source => "agent"
      }
   }
   if [type] in ["apache_error","apache-error"] {
      grok {
         match => ["message", "\[%{WORD:dayname} %{WORD:month} %{DATA:day} %{DATA:hour}:%{DATA:minute}:%{DATA:second} %{YEAR:year}\] \[%{NOTSPACE:loglevel}\] (?:\[client %{IPORHOST:clientip}\] ){0,1}%{GREEDYDATA:message}"]
         overwrite => [ "message" ]
      }
      mutate
      {
         add_field =>
         {
            "time_stamp" => "%{day}/%{month}/%{year}:%{hour}:%{minute}:%{second}"
         }
      }
      date {
         match => ["time_stamp", "dd/MMM/YYYY:HH:mm:ss"]
         remove_field => [ "time_stamp","day","dayname","month","hour","minute","second","year"]
      }
   }
}

In the config 02-beats-input.conf
input {
beats {
port => 5044
}
}

At the same time, there is data in Kibana in Log. But dashboards are not built ( No results found )
What did I forget to configure ?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
K
Konstantin2015-08-03 17:46:12
Why in Elasticsearch as backend of Logstash all fields are of string type? 1Reply
G
gulitskiy2015-08-05 07:23:56
How to search phrases in elasticsearch with fuzzy? 1Reply
B
BarneyGumble2021-05-31 10:13:46
What are the advantages of Elasticsearch in conjunction with MySQL over MySQL itself? 1Reply
A
Alexander2020-01-15 16:11:13
How to work with Russian morphology in Elasticsearch? 1Reply
S
sokolnikov2015-09-08 20:22:08
How to properly work with elasticsearch in Yii2 through ActiveRecord? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question