Search results do not include the expected z/OS data
In Kibana, the search results do not include the expected z/OS® data.
If data that is issued in a z/OS logical partition (LPAR) is not shown in Kibana, the following steps can help you determine possible causes.
Step 1: Verify that Logstash is running
Run the following commands to verify that Logstash is using the default port that is specified in
the B_cdpz.conf file:
- On Linux® systems
netstat -an | grep 8080
If the type of your Logstash image is .deb or .rpm, you can also use the following command:
service logstash status
- On Windows systems
netstat -an | find "8080"
Step 2: Verify that Elasticsearch has no errors
Check the elasticsearch.log file for any errors that indicate problems with
the network connection, data ingestion, incorrect mapping, or an incorrect template.
- On Linux systems
- If the type of your Logstash image is .tar.gz or .zip, run the following command to open the elasticsearch.log file:
cat YOUR_EXTRACTION_PATH/logs/elasticsearch.log
If the type of your Logstash image is .deb or .rpm, run the following command to open the elasticsearch.log file:
cat /var/logs/elasticsearch/elasticsearch.log
- On Windows systems
- Use Notepad to open the YOUR_EXTRACTION_PATH/logs/elasticsearch.log file.
Step 3: Verify that data is being received from Z Common Data Provider
Verify that data is being received by Logstash and written to Elasticsearch.
- On Linux systems
- To verify that data is being received by Logstash and written to Elasticsearch, run the following command:
curl <ELASTICSEARCH_HOST/IP>:9200/_cat/indices
- On Windows systems
- To verify that data is being received by Logstash and written to Elasticsearch, open the following URL in a web browser:
http://<ELASTICSEARCH_HOST/IP>:9200/_cat/indices
The output includes index names. Check for indices that start with zoa and end with a recent time stamp.
Complete the following steps, depending on whether data is being written to Elasticsearch:
- If data is not being written to Elasticsearch
- Check for Logstash error logs.
- If data is being written to Elasticsearch
- Verify that IBM Z® Operational Log and Data Analytics is installed on the Elastic Stack platform.
- In Kibana, verify that you are searching within a valid time range.
- Verify that your index pattern is zoa-* and that this pattern is created automatically.
- In Kibana, verify that no warnings are indicated.
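The Step 3 check (indices that start with zoa and end with a recent time stamp) can be scripted so that a silent gap in z/OS log ingestion is noticed without reading the listing by eye. The following is an added example, not part of the original page or of IBM's product code; the function names, the sample index names, and the assumption that the time stamp is a daily date written as YYYY.MM.DD or YYYYMMDD are illustrative.

```shell
#!/bin/sh
# Added example, not IBM code. Assumption: zoa index names end in a daily
# date stamp written as YYYY.MM.DD or YYYYMMDD.

# Constructed sample of `_cat/indices` output (index names are made up).
sample_cat_indices() {
    cat <<'EOF'
green  open  zoa-syslog-2024.05.14 aaaaaaaaaaaaaaaaaaaaaa 1 0 1520 0 1.1mb 1.1mb
yellow open  zoa-smf030-20240513   bbbbbbbbbbbbbbbbbbbbbb 1 1   87 0 210kb 210kb
yellow open  zoa-syslog-2024.04.01 cccccccccccccccccccccc 1 1  400 0 600kb 600kb
       close zoa-smf030-20240514   dddddddddddddddddddddd
green  open  .kibana_1             eeeeeeeeeeeeeeeeeeeeee 1 0   12 0  40kb  40kb
EOF
}

# recent_zoa_indices CUTOFF  (CUTOFF is YYYYMMDD; _cat/indices text on stdin)
# Prints "index docs.count health" for every zoa index dated on or after
# CUTOFF. Exit status is 0 if at least one was found, 1 if none.
recent_zoa_indices() {
    awk -v cutoff="$1" '
    {
        # Find the index-name column by content: a closed index has an
        # empty health column, so the name is not always field 3.
        idx = 0
        for (i = 1; i <= NF; i++) if ($i ~ /^zoa/) { idx = i; break }
        if (!idx) next
        name = $idx
        # Trailing run of digits and dots, normalised to YYYYMMDD.
        if (!match(name, /[0-9.]+$/)) next
        stamp = substr(name, RSTART)
        gsub(/[.]/, "", stamp)
        if (length(stamp) != 8 || stamp + 0 < cutoff + 0) next
        docs   = (NF >= idx + 4) ? $(idx + 4) : "-"
        health = (idx == 3) ? $1 : "-"
        print name, docs, health
        found = 1
    }
    END { exit(found ? 0 : 1) }'
}

# Demo on the sample. Against a live cluster (GNU date assumed):
#   curl -s "http://ELASTICSEARCH_HOST:9200/_cat/indices" |
#       recent_zoa_indices "$(date -d '2 days ago' +%Y%m%d)"
sample_cat_indices | recent_zoa_indices 20240513
```

An exit status of 1 corresponds to the "data is not being written to Elasticsearch" branch above, so the next place to look is the Logstash error logs.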