Elasticsearch on icinga interface only shows kernel logs



Hello guys!

I’m trying to centralize logs on the icinga2 server using elasticsearch and kibana (kibana just to test whether everything is working; after that I just want to see the logs in the icingaweb2 interface).

I installed elasticsearch and kibana on the same server as icinga2, and all seems to work fine (it’s almost everything with the default configs, just changed some IPs). I can see the full syslog detail from every host in kibana, just like the old and beloved “tail -f /var/log/messages”.

I installed the elasticsearch icingaweb2 module and configured the basic instance and one event type, and it works, I can see the logs, but it is not the same: I am only seeing some logs (kernel logs, not all of the logs in rsyslog), and I don’t understand why, even when I use “*” as a filter.

I’ll omit the kibana and elasticsearch configs because they work fine (unless you want to see them, just ask).

instance config:
cat /etc/icingaweb2/modules/elasticsearch/instances.ini
uri = "http://my_ip:9200"

cat /etc/icingaweb2/modules/elasticsearch/eventtypes.ini 
instance = "Elasticsearch"
index = "filebeat-*"
filter = "beat.hostname={host.name}"
fields = "*"

PS: with the index and fields = “*” I get the same results.

so, this is the kibana interface

and this is the icingaweb2 elasticsearch display.

any hint is welcome!

thank you very much.


solved, missing filter in the logstash output.