No results ... no results because no indices were found

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
acwong
Posts: 10
Joined: Tue Sep 10, 2019 4:01 pm

Post by acwong »

My Nagios LS Dashboard is not showing any events. The last events received were on 7/27.
mbellerue
Posts: 1403
Joined: Fri Jul 12, 2019 11:10 am

Post by mbellerue »

In Log Server, can you head to Admin -> Index Status and see if you have indices for 07/28 through 07/31?

Also, if you can go to Admin -> System Status -> Download System Profile, and send in the profile (you can PM it to me), that might also help in troubleshooting this issue.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
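
The index check requested above can also be scripted; a gap in daily indices means no events were stored for those days. This is an added example, not part of the original thread or Nagios's own tooling. It assumes daily indices named logstash-YYYY.MM.DD and GNU date, and the sample listing (including its year) is constructed.

```shell
#!/bin/sh
# Added example: list the daily indices that are absent from an index listing.
# Assumptions: indices are named logstash-YYYY.MM.DD; GNU date is available.

# missing_days START END   (dates as YYYY-MM-DD, inclusive)
# Reads index names on stdin, one per line, for example from
#   curl -s 'localhost:9200/_cat/indices?h=index'
# run on the Log Server node, and prints each expected daily index not found.
missing_days() {
    md_day="$1"
    md_end="$(date -u -d "$2" +%s)"
    md_have="$(cat)"
    while [ "$(date -u -d "$md_day" +%s)" -le "$md_end" ]; do
        md_name="logstash-$(date -u -d "$md_day" +%Y.%m.%d)"
        # -x: whole-line match, -F: literal string (dots are not wildcards)
        printf '%s\n' "$md_have" | grep -qxF -- "$md_name" \
            || printf '%s\n' "$md_name"
        md_day="$(date -u -d "$md_day +1 day" +%Y-%m-%d)"
    done
}

# Constructed sample listing: ingestion stopped after 27 July (year assumed).
sample_indices() {
    cat <<'EOF'
kibana-int
logstash-2019.07.25
logstash-2019.07.26
logstash-2019.07.27
nagioslogserver
EOF
}

# Prints the four indices for 07/28 through 07/31 as missing.
sample_indices | missing_days 2019-07-28 2019-07-31
```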

Post by mbellerue »

It looks like logstash may not be running. Can you ssh into Log Server as root and check the status of the Logstash service?

Code:

systemctl status logstash

Also, let's get the output of these commands:

Code:

ls -lh /usr/local/nagioslogserver/logstash/
ls -lh /usr/local/nagioslogserver/logstash/etc/

Post by mbellerue »

Okay, that definitely should not say exited. Let's start it up, wait about a minute, and then check the status again. If it goes back to exited, grab another system profile, and send that in to me. That should have the logs that will tell us why it failed to start, or why it crashed.

Code:

systemctl start logstash && sleep 60 && systemctl status logstash

Post by mbellerue »

Still nothing showing up in the system log. That's strange. Can you give me the output of these commands?

Code:

systemctl status logstash -l
systemctl status elasticsearch -l

Post by mbellerue »

Alright, one more thing to try. Let's restart Elasticsearch, and then assuming it comes back into a running state, start LogStash.

Code:

systemctl status elasticsearch && systemctl restart elasticsearch && sleep 10 && systemctl status elasticsearch

That should come back saying that Elasticsearch is running for the past several seconds, rather than nearly 2 months. If it does, let's start up LogStash.

Code:

systemctl start logstash && sleep 10 && systemctl status logstash

Let's see what we get.