Filebeat can be installed on various operating systems. This troubleshooting guide is designed for Linux installations of Filebeat but can be adapted to other operating systems. We assume that you have already followed the instructions to configure Filebeat found here.
First... wait a few minutes
Wait a few minutes after sending your logs to give us time to index them and make them available for search. Indexing normally takes from a few seconds to one minute, but sometimes it can take longer.
Check out our status page
If Logz.io isn’t seeing data, check our status page to make sure that we are indexing your data and that all systems are operational. You should see a green, horizontal bar with "All Systems Operational" inside.
Check your Filebeat configuration
Restart Filebeat again to make sure that your recent changes will take effect:
$ sudo service filebeat restart
If you get an error with your filebeat.yml file, it could be caused by one of many potential issues. One of the most common is indenting with tabs instead of spaces. You can use yamllint to check that your YAML file is valid and to clean up extra characters.
NOTE: Even if your YML file is valid, this does not necessarily mean that the configuration is correct.
Check the registry file
Filebeat uses a registry file to keep track, between restarts of Filebeat, of the positions in the log files that have already been sent. Make sure that the path to the registry file exists, and check whether there are any values within the registry file. You can find the path of your registry file by looking at the filebeat.yml file and searching for the field "registry_file". In our example configuration, it is in the following location:
registry_file: /var/lib/filebeat/registry
If the registry file does not exist or it only contains empty curly braces "{}", then either Filebeat is not running or it cannot find any logs to process.
Verify that the path to your logs is correct
Check that the TLS certificate is in the correct location
certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt']
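The configuration checks above (tab indentation, registry state, CA file) collected into one script, as an added example that is not Logz.io or Filebeat tooling. The function names and result strings are assumptions of this example, as is treating a zero-length registry the same as "{}"; the CA check only confirms a readable PEM file, not that the certificate is the right one.

```shell
#!/bin/sh
# Added example: offline pre-flight checks for a Filebeat host.
# Function names and result strings are illustrative, not Filebeat or Logz.io tooling.

# Print (with line numbers) lines indented with a tab; exit status 0 if any exist.
tab_indented_lines() {
    grep -n "^ *$(printf '\t')" "$1"
}

# Print the registry_file value from filebeat.yml, without surrounding quotes.
registry_path() {
    sed -n 's/^[[:space:]]*registry_file:[[:space:]]*//p' "$1" |
        head -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Classify the registry: missing, empty (blank or only "{}"), or ok.
# Treating a zero-length file like "{}" is an assumption of this example.
registry_state() {
    [ -f "$1" ] || { echo missing; return 0; }
    body=$(tr -d ' \t\r\n' < "$1")
    case "$body" in
        ''|'{}') echo empty ;;
        *)       echo ok ;;
    esac
}

# Classify the CA file: unreadable, not-pem, or pem.
ca_state() {
    { [ -f "$1" ] && [ -r "$1" ]; } || { echo unreadable; return 0; }
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then echo pem; else echo not-pem; fi
}

# Run all checks: preflight <filebeat.yml> <CA certificate path>
preflight() {
    if tab_indented_lines "$1"; then echo "FAIL: tab indentation in $1"; fi
    reg=$(registry_path "$1")
    echo "registry ${reg:-<not set>}: $(registry_state "$reg")"
    echo "CA file $2: $(ca_state "$2")"
}

# Only run when both paths are given on the command line.
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```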
Check if your server has access to the Logz.io listener
telnet listener.logz.io 5015
The good outcome:
Connected to listener-group.logz.io
Escape character is '^]'.
(to get out of that, type Ctrl+] and type "quit")
The bad outcome:
trying xxx.xxx.xxx.xxx....
If you are unable to telnet to listener.logz.io on port 5015, please adjust your network settings to allow this communication. For a list of all the IPs that are used for listener.logz.io, click here.
Validate connection established (example):
$ sudo netstat -taupn | grep filebeat
tcp 0 0 172.17.0.2:44912 52.21.71.179:5015 ESTABLISHED 39/filebeat
If no output is being sent, something is wrong. Check your network connectivity again.
Manually put something in the shipped log file to see if it is sent:
echo hello >> /var/log/my_log_file.log
Comments
2 comments
Troubleshooting stuff is great.
God bless you
This will help us greatly as we always have problems with these items