I am new to Kibana.
The problem is that I installed an ELK stack on the Ubuntu 20.04 server.
I have no problem getting any logs from all of my other servers regardless of the operating system they are using.
However, I am having problems with the Filebeat modules and the dashboards that came with them.
For example, with the [Filebeat System] Syslog dashboard ECS, everything works fine with Ubuntu servers, but with Amazon Linux 2 servers I get correct data only from the syslog board. Sudo commands and SSH logins do not return anything.
It's the same with the Redis and MongoDB dashboards.
Somehow I managed to get the nginx dashboard to work.
My setup looks like this:
A master monitoring server with ELK and Filebeat installed.
The monitoring targets are other servers running Amazon Linux 1 and 2, and Ubuntu 16, 18 and 20. They have Filebeat 7.10 installed on them, which transmits data to the main Logstash server.
On the master server I have 2 config files for Logstash input/output.
/etc/logstash/conf.d/02-beats-input.conf

input {
  beats {
    port => 5044
  }
}

and
/etc/logstash/conf.d/30-elasticsearch-output.conf

output {
  if [@metadata][pipeline] {
    elasticsearch {
      hosts => ["localhost:9200"]
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      pipeline => "%{[@metadata][pipeline]}"
    }
  } else {
    elasticsearch {
      hosts => ["localhost:9200"]
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    }
  }
}

Please tell me what other useful information I can send you. Or correct me if I'm doing something wrong.
Thank you. Regards.