Enabling dashboards for filebeat
I am trying to develop more visibility around AWS. I'd really like to use the prebuilt dashboards that come with filebeat, but I seem to constantly run into issues with the visualizations for elb and vpcflow logs. My configuration looks like this:
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 1
setup.kibana:
host: "localhost:9243"
protocol: "https"
username: "kibana_user"
password: "kibana_password"
setup.dashboards.enabled: true
setup.dashboards.directory: ${path.config}/kibana
setup.ilm.enabled: false
output.elasticsearch:
hosts: ["localhost:9200"]
protocol: "https"
username: "elastic_user"
password: "password"
indices:
- index: "cloudtrail-%{[agent.version]}-%{+yyyy.MM.dd}"
when.contains:
event.dataset: "aws.cloudtrail"
- index: "elb-%{[agent.version]}-%{+yyyy.MM.dd}"
when.contains:
event.dataset: "aws.elb"
- index: "vpc-%{[agent.version]}-%{+yyyy.MM.dd}"
when.contains:
event.dataset: "aws.vpc"
processors:
- add_fields:
target: my_env
fields:
environment: development
In my dashboards directory I changed the filebeat-* index to
vpc-* for Filebeat-aws-vpcflow-overview.json, cloudtrail-* for filebeat-aws-cloudtrail.json and elb-* for Filebeat-aws-elb-overview.json. The cloudtrail dashboard works just fine. I only run into issues with the elb and vpcflow visualizations. None of elb requests visualizations work. The top IP addresses for vpcflow logs do not work either. Here are some screenshots:
For this particular situation if you don't use the deafault filebeaat-* index there are issues getting the prebuilt dashboards to spin up. I dropped the custom indexing that I had in my configuration and I was able to get the dashboards to load properly.
- Ingesting SQL Server ErrorLog using Filebeat with the mssql module
- Filebeat over HTTPS
- Filebeat : data path already locked by another beat. Please make sure that multiple beats are not sharing the same data path
- Format of .log file in Kubernetes and how log parsed by Filebeat
- http.host: 0.0.0.0 - ERROR lookup logstash : no such host
- How to add field for logsstream from specific name in elasticserach logstream
- Sending logs of (rootless) podman containers to ELK?
- Regex not worked in filebeat
- my bashrc contains strange characters (if Ä -f ü/.bash_aliases Å; then . ü/.bash_aliases fi)
- Parsing k8s docker container json log correctly with Filebeat 7.9.3
- Filebeat on Azure Kubernetes Service(AKS) with Helm
- How to make a filebeat config to collect a specific lines from a file
- Windows docker: permission denied /var/run/docker.sock
- Enabling dashboards for filebeat
- Logstash + nginx: Fields wont be added
- Why isn't my filebeats if processor working?
- Kubernetes metadata not loading into OpenSearch after EKS Upgrade
- Filebeat Cisco Module for Nexus having errors reading the config file
- Does ECK required logstash
- Filebeat not sending data to elasticsearch
- Strange error with empty delimiter in dissect processor in filebeat
- filebeat ingress timestamp replace with application timestamp
- Filebeat not creating index in Opensearch
- elastic-agent is not collecting data
- Logstash data filter for column with multiplevalues to array type
- Why is filebeat creating a new datastream everyday?
- Configuring Filebeat to ingest and parse .ndjson files
- Putting NGINX in front of kafka
- Strip array off of ndjson data set using elasticsearch pipeline
- FileBeat not sending data to ElasticSearch Kibana