No results ... no results because no indices were found
Posted: Thu Jul 30, 2020 8:10 pm
by acwong
My Nagios LS Dashboard is not showing any events. The last events received were on 7/27.

Re: No results ... no results because no indices were found
Posted: Fri Jul 31, 2020 11:46 am
by mbellerue
In Log Server, can you head to Admin -> Index Status and see if you have indices for 07/28 through 07/31?
Also, if you can go to Admin -> System Status -> Download System Profile, and send in the profile (you can PM it to me), that might also help in troubleshooting this issue.
Re: No results ... no results because no indices were found
Posted: Mon Aug 03, 2020 5:11 pm
by mbellerue
It looks like logstash may not be running. Can you ssh into Log Server as root and check the status of the Logstash service?
Also, let's get the output of these commands:
Code:
ls -lh /usr/local/nagioslogserver/logstash/
ls -lh /usr/local/nagioslogserver/logstash/etc/
Re: No results ... no results because no indices were found
Posted: Thu Aug 06, 2020 10:47 am
by mbellerue
Okay, that definitely should not say exited. Let's start it up, wait about a minute, and then check the status again. If it goes back to exited, grab another system profile, and send that in to me. That should have the logs that will tell us why it failed to start, or why it crashed.
Code:
systemctl start logstash && sleep 60 && systemctl status logstash
Re: No results ... no results because no indices were found
Posted: Thu Aug 06, 2020 2:56 pm
by mbellerue
Still nothing showing up in the system log. That's strange. Can you give me the output of these commands?
Code:
systemctl status logstash -l
systemctl status elasticsearch -l
Re: No results ... no results because no indices were found
Posted: Mon Aug 10, 2020 8:07 am
by mbellerue
Alright, one more thing to try. Let's restart Elasticsearch, and then assuming it comes back into a running state, start LogStash.
Code:
systemctl status elasticsearch && systemctl restart elasticsearch && sleep 10 && systemctl status elasticsearch
That should come back saying that Elasticsearch is running for the past several seconds, rather than nearly 2 months. If it does, let's start up LogStash.
Code:
systemctl start logstash && sleep 10 && systemctl status logstash
Let's see what we get.