Elastic (ELK) Standalone Agent - Filebeat is not sending logs
Hello everyone,
I have set up a small ELK instance that receives metrics from a standalone Elastic Agent.
id: b77b2ba4-ce32-40ae-8d6c-5595a53134ca
revision: 2
outputs:
  default:
    type: elasticsearch
    hosts:
      - https://172.30.68.64:9200
    ssl.ca_trusted_fingerprint: 3c10deb6c57f5fda966abceecb9510f1b24ce19653586d0554axxxxxxxxxxxxxxx
    api_key: '9eVPepgBAcLwyka50jID:KmE2dPQ7-xxxxxxxxxxxx'
    preset: balanced
output_permissions:
  default:
    _elastic_agent_monitoring:
      indices:
        - names:
            - logs-elastic_agent.apm_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.apm_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.auditbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.auditbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.cloud_defend-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.cloudbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.cloudbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.elastic_agent-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.endpoint_security-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.endpoint_security-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.filebeat_input-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.filebeat_input-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.filebeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.filebeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.fleet_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.fleet_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.heartbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.heartbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.metricbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.metricbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.osquerybeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.osquerybeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.packetbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.packetbeat-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.pf_elastic_collector-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.pf_elastic_symbolizer-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.pf_host_agent-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - logs-elastic_agent.status_change-default
          privileges:
            - auto_configure
            - create_doc
    _elastic_agent_checks:
      cluster:
        - monitor
agent:
  download:
    sourceURI: https://artifacts.elastic.co/downloads/
  monitoring:
    enabled: true
    use_output: default
    logs: true
    metrics: true
    traces: true
    namespace: default
  features: {}
inputs:
  - type: system/metrics
    id: unique-system-metrics-input
    data_stream.namespace: default
    use_output: default
    streams:
      - metricsets:
          - cpu
        data_stream.dataset: system.cpu
      - metricsets:
          - memory
        data_stream.dataset: system.memory
      - metricsets:
          - network
        data_stream.dataset: system.network
      - metricsets:
          - filesystem
        data_stream.dataset: system.filesystem
      - metricsets:
          - process
filebeat.inputs:
  - type: filestream
    id: cisb-jira-test
    paths:
      - /var/log/messages
      - /var/log/*.log
      - /var/atlassian/application-data/jira/log/audit/*.log
secret_references: []
namespaces:
  - default
So this data arrives:
streams:
  - metricsets:
      - cpu
    data_stream.dataset: system.cpu
  - metricsets:
      - memory
    data_stream.dataset: system.memory
  - metricsets:
      - network
    data_stream.dataset: system.network
  - metricsets:
      - filesystem
    data_stream.dataset: system.filesystem
  - metricsets:
      - process
But the Atlassian audit logs do not:
filebeat.inputs:
  - type: filestream
    id: cisb-jira-test
    paths:
      - /var/log/messages
      - /var/log/*.log
      - /var/atlassian/application-data/jira/log/audit/*.log
Could it be because I have not created any indices for these logs and have not set up any permissions for the agent?
output_permissions:
  default:
    _elastic_agent_monitoring:
      indices:
        - names:
            - logs-elastic_agent.apm_server-default
          privileges:
            - auto_configure
            - create_doc
        - names:
            - metrics-elastic_agent.apm_server-default
          privileges:
            - auto_configure
            - create_doc
Does anyone have an idea what the problem could be?
Thank you for your feedback.
JoFla
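The same log paths written as an entry in the agent's `inputs:` list, the form the working `system/metrics` input in the post already uses (`filebeat.inputs` is the top-level key of a stand-alone Filebeat's `filebeat.yml`). This is an added example, not part of the original post; the dataset name `jira.audit` and the stream ids are assumptions.

```yaml
# Added example, not the poster's configuration.
# Replaces the top-level "filebeat.inputs:" block; the entry is appended to
# the existing "inputs:" list next to the system/metrics input.
inputs:
  - type: filestream
    id: cisb-jira-test                     # input id taken from the post
    data_stream.namespace: default
    use_output: default
    streams:
      # Jira audit log, kept in its own dataset so it can be searched and
      # retained separately from general system logs.
      - id: cisb-jira-audit                # hypothetical stream id
        data_stream.dataset: jira.audit    # hypothetical dataset name
        paths:
          - /var/atlassian/application-data/jira/log/audit/*.log
      # General system logs from the post's path list.
      - id: cisb-system-logs               # hypothetical stream id
        data_stream.dataset: generic
        paths:
          - /var/log/messages
          - /var/log/*.log

# Resulting data streams follow <type>-<dataset>-<namespace>:
#   logs-jira.audit-default
#   logs-generic-default
```

Events from these streams are written to `logs-jira.audit-default` and `logs-generic-default`, so the API key under `outputs.default` needs `auto_configure` and `create_doc` on names matching them (for example `logs-*-*`). The `output_permissions` entries in the post name only `elastic_agent` monitoring data streams.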
Content-ID: 674178
URL: https://administrator.de/forum/elastic-agent-filebeat-logs-problem-674178.html
Printed on: 05.08.2025 at 17:08