kibanakibana-5
Httpbeat Metrics not showing up in Kibana
Dears,
I'm new to Kibana/Elasticsearch/Httpbeat and setting it up is causing me a bit of a headace...
Httpbeat runs and pumps data into Elasticsearch:
Although, when I try to create a visualization I run into trouble;
somehow the data is not there...
This might also be usefull:
And the template json:
{
"mappings": {
"_default_": {
"_meta": {
"version": "5.4.0"
},
"dynamic_templates": [
{
"strings_as_keyword": {
"mapping": {
"ignore_above": 1024,
"type": "keyword"
},
"match_mapping_type": "string"
}
}
],
"properties": {
"@timestamp": {
"type": "date"
},
"beat": {
"properties": {
"hostname": {
"ignore_above": 1024,
"type": "keyword"
},
"name": {
"ignore_above": 1024,
"type": "keyword"
},
"version": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"meta": {
"properties": {
"cloud": {
"properties": {
"availability_zone": {
"ignore_above": 1024,
"type": "keyword"
},
"instance_id": {
"ignore_above": 1024,
"type": "keyword"
},
"machine_type": {
"ignore_above": 1024,
"type": "keyword"
},
"project_id": {
"ignore_above": 1024,
"type": "keyword"
},
"provider": {
"ignore_above": 1024,
"type": "keyword"
},
"region": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
}
},
"request": {
"properties": {
"body": {
"ignore_above": 1024,
"type": "keyword"
},
"headers": {
"properties": {},
"type": "nested"
},
"method": {
"ignore_above": 1024,
"type": "keyword"
},
"url": {
"ignore_above": 1024,
"type": "keyword"
}
}
},
"response": {
"properties": {
"body": {
"ignore_above": 1024,
"type": "keyword"
},
"code": {
"ignore_above": 1024,
"type": "keyword"
},
"headers": {
"properties": {},
"type": "nested"
},
"jsonBody": {
"properties": {
"globalTime": {
"type": "long"
}
}
}
}
},
"tags": {
"ignore_above": 1024,
"type": "keyword"
}
}
}
},
"order": 0,
"settings": {
"index.mapping.total_fields.limit": 10000,
"index.refresh_interval": "1m"
},
"template": "httpbeat-*"
}
The httpbeat.yml
######################## Httpbeat Configuration Example ########################
############################## Httpbeat ########################################
httpbeat:
hosts:
# Each - Host endpoints to call. Below are the host endpoint specific configurations
-
# Optional cron expression, defines when to poll the host endpoint.
# Default is every 1 minute.
schedule: "@every 1m"
# The URL endpoint to call by Httpbeat
url: (a correct url)
# HTTP method to use.
# Possible options are:
# * get
# * delete
# * head
# * patch
# * post
# * put
method: get
# Optional additional headers to send to the endpoint
#headers:
#Accept: application/json
# Optional basic authentication
basic_auth:
# Basic authentication username
username: theetsa
# Basic authentication password
password: (a very secret password)
# Type to be published in the 'type' field. For Elasticsearch output,
# the type defines the document type these entries should be stored
# in. Default: httpbeat
#document_type:
# Optional output format for the response body.
# Possible options are:
# * string
# * json
# Default output format is 'string'
output_format: json
# Optional convertion of dots in keys in JSON response body. By default is off.
# Possible options are:
# * replace - replaces dots with a different character. The default value is `_`.
# * unflatten - converts {"foo.bar":false} to {"foo":{"bar":false}}
#json_dot_mode: replace
# Optional additional headers to send to the endpoint
#headers:
#Accept: application/json
# Enable SSL support. SSL is automatically enabled, if any SSL setting is set.
#ssl.enabled: true
# Configure SSL verification mode. If `none` is configured, all server hosts
# and certificates will be accepted. In this mode, SSL based connections are
# susceptible to man-in-the-middle attacks. Use only for testing. Default is
# `full`.
#ssl.verification_mode: full
# List of supported/valid TLS versions. By default all TLS versions 1.0 up to
# 1.2 are enabled.
#ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2]
# Optional SSL configuration options. SSL is off by default.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
# Optional passphrase for decrypting the Certificate Key.
#ssl.key_passphrase: ''
# Configure cipher suites to be used for SSL connections
#ssl.cipher_suites: []
# Configure curve types for ECDHE based cipher suites
#ssl.curve_types: []
#================================ General =====================================
# The name of the shipper that publishes the network data. It can be used to group
# all the transactions sent by a single shipper in the web interface.
#name:
# The tags of the shipper are included in their own field with each
# transaction published.
#tags: ["service-X", "web-tier"]
# Optional fields that you can specify to add additional information to the
# output.
#fields:
# env: staging
#================================ Outputs =====================================
# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["localhost:9200"]
# Optional protocol and basic auth credentials.
#protocol: "https"
#username: "elastic"
#password: "changeme"
#----------------------------- Logstash output --------------------------------
#output.logstash:
# The Logstash hosts
#hosts: ["localhost:5044"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
#================================ Logging =====================================
# Sets log level. The default log level is info.
# Available log levels are: critical, error, warning, info, debug
#logging.level: debug
# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
# "publish", "service".
#logging.selectors: ["*"]
I really don't know what I'm doing wrong :-/
I tried to use the same settings as in Metricbeat; where the graphs do work, I also looked inside the logs but couldn't find anything usefull there...
I noticed that the beat version is 4.0.0; which might be the issue, I really don't know :-/
Thanks for any help or pointers...
S.
Solution
I'm not sure what did the trick but I
Stopped httpBeat
stopped elasticSearch
deleted all indexes
rm -Rf data/nodes/0/*restarted elasticSearch
used this template:
httpbeat.template-es2x.json:
{
"mappings": {
"my_type": {
"_meta": {
"version": "5.4.0"
},
"dynamic_templates": [
{
"integers": {
"match_mapping_type": "long",
"mapping": {
"type": "integer"
}
}
}
],
"properties": {
"@timestamp": {
"type": "date"
},
"response": {
"properties": {
"jsonBody": {
"properties": {
"globalTime": {
"type": "long"
}
}
}
}
}
},
"fields": {
"properties": {}
}
-> more about this below...
}
},
"order": 0,
"settings": {
"index.mapping.total_fields.limit": 10000,
"index.refresh_interval": "1m"
},
"template": "httpbeat-*"
}
- and restarted everything
I think mostly the 'fields' was important; when I used the template without I got an error in Kibana about something with 'fields' and:
"fields": {
"properties": {}
}
Was something that was present inside metricbeat.template-es2x.json and not in httpbeat.template-es2x.json it seems to work with that field inside httpbeat.template-es2x.json and not httpbeat.template.json...
Grtz,
S.
ps: if you have an answer that is not based on trail and error I'll accept that instead of this one...
- How can I close over variables in kdb/Q?
- When is the EACH operator extension necessary in K besides mod/rotate?
- Handling single-character strings - in a function or in its caller? ssr()
- Kdb+ data fomat when writing to a file
- How to convert a symbol to a string in kdb+?
- Sum of each two elements using vector functions
- A dictionary with a single value and multiple keys
- Table transformation, table as list of dicts
- Accumulator gives different result then direct function applying
- Reshape [cols;table]
- FK field over IPC
- Protected execution, 2 cases
- Enums for tables
- Converge (fixed point) syntax difference in q and k
- .Q.trp and bt handling
- NULLs in q and in k.h
- Strange view declaration behaviour
- How to build a parse-tree of projections?
- Could not evaluate manually created equial ~ parse tree
- Select distinct for all columns from keyed table
- Parallel execution: blocking receive, deferred synchronous
- Multiple variable assignment in q
- Select a table from the inside of external select
- Select when one of filter-column may not exists
- What is the meaning of `s attribute on a table?
- On parallel execution - which side reports about an error?
- Validate if a keyed table have unique keys
- Applying dictionary to dictionary
- About xkey implementation
- Parse tree built on values from vars