Beats: Non-zero metrics in the last 30s - Filebeat

Created on 11 May 2017 · 9Comments · Source: elastic/beats

Hi,

I'm new to ELK and need to do log forwarding for my Websphere logs

filebeat.yml

filebeat.prospectors:
- input_type: log
  paths:
    # /var/log/*.log
    - D:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\server1\SystemOut.log
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["dcvprdbpm:9200"]

Here is the Filebeat log. It seems there are no errors but I am seeing any metrics on KIBANA 5. What can be the issue?

Log Output

017-05-11T23:25:05+02:00 INFO Home path: [C:\Program Files\Filebeat] Config path: [C:\Program Files\Filebeat] Data path: [C:\\ProgramData\\filebeat] Logs path: [C:\Program Files\Filebeat\logs]
2017-05-11T23:25:05+02:00 INFO Setup Beat: filebeat; Version: 5.2.1
2017-05-11T23:25:05+02:00 INFO Loading template enabled. Reading template file: C:\Program Files\Filebeat\filebeat.template.json
2017-05-11T23:25:05+02:00 INFO Loading template enabled for Elasticsearch 2.x. Reading template file: C:\Program Files\Filebeat\filebeat.template-es2x.json
2017-05-11T23:25:05+02:00 INFO Elasticsearch url: http://dcvprdbpm:9200
2017-05-11T23:25:05+02:00 INFO Activated elasticsearch as output plugin.
2017-05-11T23:25:05+02:00 INFO Publisher name: dcvtstfp852ce
2017-05-11T23:25:05+02:00 INFO Flush Interval set to: 1s
2017-05-11T23:25:05+02:00 INFO Max Bulk Size set to: 50
2017-05-11T23:25:05+02:00 INFO filebeat start running.
2017-05-11T23:25:05+02:00 INFO Registry file set to: C:\ProgramData\filebeat\registry
2017-05-11T23:25:05+02:00 INFO Loading registrar data from C:\ProgramData\filebeat\registry
2017-05-11T23:25:05+02:00 INFO States Loaded from registrar: 584
2017-05-11T23:25:05+02:00 INFO Loading Prospectors: 1
2017-05-11T23:25:05+02:00 INFO Starting Registrar
2017-05-11T23:25:05+02:00 INFO Start sending events to output
2017-05-11T23:25:05+02:00 INFO Starting spooler: spool_size: 2048; idle_timeout: 5s
2017-05-11T23:25:05+02:00 INFO Prospector with previous states loaded: 584
2017-05-11T23:25:05+02:00 INFO Loading Prospectors completed. Number of prospectors: 1
2017-05-11T23:25:05+02:00 INFO All prospectors are initialised and running with 584 states to persist
2017-05-11T23:25:05+02:00 INFO Starting prospector of type: log
2017-05-11T23:25:05+02:00 INFO Harvester started for file: d:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\server1\SystemOut.log
2017-05-11T23:25:10+02:00 INFO Connected to Elasticsearch version 5.2.2
2017-05-11T23:25:10+02:00 INFO Trying to load template for client: http://dcvprdbpm:9200
2017-05-11T23:25:10+02:00 INFO Template already exists and will not be overwritten.
2017-05-11T23:25:35+02:00 INFO Non-zero metrics in the last 30s: registrar.writes=1 libbeat.es.publish.write_bytes=10515 libbeat.publisher.published_events=21 registrar.states.update=606 filebeat.harvester.running=1 libbeat.es.publish.read_bytes=863 filebeat.harvester.started=1 libbeat.es.published_and_acked_events=21 registar.states.current=584 publish.events=606 filebeat.harvester.open_files=1 libbeat.es.call_count.PublishEvents=1
2017-05-11T23:26:05+02:00 INFO No non-zero metrics in the last 30s

Filebeat question

Source

mike10555

All 9 comments

Based on the logs, it looks like Filebeat has written events to Elasticsearch. If you query elasticsearch from the dev tools console in Kibana with

GET _cat/indices?v

what do you get?

andrewkroh on 12 May 2017

Please take this over to https://discuss.elastic.co/c/beats and we'll pick up there.

Please post all questions and issues on https://discuss.elastic.co/c/beats
before opening a Github Issue. Your questions will reach a wider audience there,
and if we confirm that there is a bug, then you can open a new issue.

andrewkroh on 12 May 2017

Yes the issue was correlate with index as no 'Filebeat' was present on Kibana
I added a new index Filebeat on Kibana
All is working now. Thanks a lot for ur reactivity !

mike10555 on 29 May 2017

What did you do @mike10555 to make it work? I' m also having the same trouble right now. Thanks.