Elasticsearch on icinga interface only shows kernel logs

elasticsearch
kibana
icinga2

#1

hello guys!

I’m trying to centralize logs on the icinga2 server using elasticsearch and kibana (kibana just to test if everything is working; after that I just want to see the logs on the icingaweb2 interface).

I installed elasticsearch and kibana on the same server as icinga2, and all seems to work fine (it’s almost everything with the default configs, just changed some IPs). I can see the full syslog detail from every host on kibana, just like the old and beloved “tail -f /var/log/messages”.

I installed the elasticsearch icingaweb2 module and configured the basic instance and one event type, and it works, I can see the logs, but it is not the same: I am only seeing some logs (kernel logs, not all of the logs on rsyslog), and I don’t understand why, even when I use “*” as a filter.

I’ll omit the kibana and elasticsearch configs because they work fine (unless you want to see them, just ask).

instance config:
cat /etc/icingaweb2/modules/elasticsearch/instances.ini
[Elasticsearch]
uri = "http://my_ip:9200"

cat /etc/icingaweb2/modules/elasticsearch/eventtypes.ini 
[Filebeat]
instance = "Elasticsearch"
index = "filebeat-*"
filter = "beat.hostname={host.name}"
fields = "*"

PS: with the index and fields = “*” I get the same results.

so, this is the kibana interface


and this is the icingaweb2 elasticsearch display.

any hint is welcome!

thank you very much.


#2

solved, missing filter in the logstash output.