| ... | @@ -120,4 +120,16 @@ You only need to change the server.host:"your-elk-server" and add the URL of ela |
... | @@ -120,4 +120,16 @@ You only need to change the server.host:"your-elk-server" and add the URL of ela |
|
|
Systemctl restart kibana
|
|
Systemctl restart kibana
|
|
|
systemctl enable kibana
|
|
systemctl enable kibana
|
|
|
```
|
|
```
|
|
|
Now you can access kibana in your browser's localhost. To get the logs you have to configure the Index Pattern. If the connection is set up correctly it should suggest the filebeat*- automatically. Just add it the default index pattern. |
|
Now you can access Kibana in your browser's localhost. To get the logs you have to configure the Index Pattern. If the connection is set up correctly it should suggest the Filebeat*- automatically. Just add it the default index pattern.
|
|
\ No newline at end of file |
|
|
|
|
|

|
|
|
|
It is supposed to look something like this when you have logs coming from Filebeat to your Kibana.
|
|
|
|
### Troubleshooting
|
|
|
|
|
|
|
|
If you don't see any logs coming for your Kibana or it doesn't recognize index pattern you should check that the Filebeat is sending logs correctly to Logstash. The Filebeat log file is at /var/log/filebeat and it should look something like this when the logs are sent to the Logstash:
|
|
|
|

|
|
|
|
|
|
|
|
The Logstash log is located in /var/log/logstash and it should look something like this:
|
|
|
|

|
|
|
|
If you get a ERR Connecting error publishing events (retrying): dial tcp {remote.logstash.host.ip}:5044 in your Filebeat log it means that there is something wrong in the connection. You should check both Filebeat and Logstash config files from typos and check that the port 5044 is available in the firewall.
|
|
|
|
|
|
|
|
\ No newline at end of file |
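Review bot: The restart command just above the closing code fence is still written `Systemctl restart kibana` with a capital S, which a case-sensitive shell will not resolve to `systemctl`; lowercase it to match the `systemctl enable kibana` line that follows. In the index pattern paragraph, `Filebeat*-` looks like a typo for `filebeat-*`: the new wording capitalises the name, but Elasticsearch index names are lowercase, and the wildcard belongs after the hyphen. In the same paragraph, "Just add it the default index pattern" is missing "as". In the new Troubleshooting text, "check that the port 5044 is available in the firewall" would be better worded as allowing 5044 on the Logstash host only from the Filebeat hosts, so that readers do not open the port to every source. The three screenshots have empty alt text, so a short description of what each log excerpt shows would help when the images fail to load. The file still ends without a trailing newline.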