This article will help you diagnose why no data is appearing in your Logs, Metrics or Tracing Stacks.

1. Ensure your data source is configured correctly 

Getting started sending data to your Stacks is quick and simple. Using the Data Source Integrations, you can access pre-configured setup steps and snippets for hundreds of data sources.

How to use the Data Source Integrations 

  1. Log in to your account.

  2. For any of your stacks choose Send Logs, Send Metrics or Send Traces.

  3. Type the name of the data source you are configuring or just browse for it.

  4. Follow the integration steps for your chosen data source (you can copy the snippets including pre-populated stack ids and keys!).

2. Enable logging if you are using an Elastic Beat

If you are using an Elastic Beat (e.g. Filebeat, Metricbeat etc.) to send data into Elasticsearch or OpenSearch, you can enable additional logging from the daemon by running it with the -e command line flag. This redirects the output that is normally sent to Syslog to standard error. For example, see the command below.

filebeat -e

You will be able to diagnose whether the Elastic Beat is able to harvest the files properly or if it can connect to your Logstash or Elasticsearch node.

3. Check Logstash logs for your stack

You can check the Logstash log output for your ELK stack from your dashboard. 

From any Stack in your dashboard choose Settings > Diagnostic Logs. You will see an output similar to below. Any errors with Logstash will appear here.

Logstash logs

4. Can you see your data in Elasticsearch?

To check if your data is in Elasticsearch we need to query the indices. To do this you will need to know your endpoint address and your API Key. From any Stack in your dashboard choose Settings > Elasticsearch Settings or Settings > OpenSearch Settings.

Elasticsearch endpoints and API key

To query the indices run the following curl command, substituting the endpoint address and API key for your own. Alternatively, you can navigate to the URL in a web browser remembering to substitute the endpoint address and API key for your own.

curl "https://Your"

You should see something returned similar to the below image. Indices whose names start with . are system indices. Everything else is a regular index. If you can see regular indices, your data is being received by Elasticsearch.


If your data is being sent to Elasticsearch but you can't see it in Kibana or OpenSearch Dashboards, it could be that you're querying one index in Kibana but your data is in another index. You can refer to this help article to learn more about indexes.

5. Can you connect to your Stack?

Can you connect to your stack, or is your firewall blocking the connection?

Run the following commands to check if you can connect to your stack.
Remember to substitute the Logstash endpoint address & TCP SSL port for your own Logstash endpoint address & port.

On Linux/Mac machines

In terminal run:

openssl s_client -connect <Your Logstash Endpoint>:<your-stack-TCP-SSL-port>

On Windows machines

In PowerShell run:

Test-NetConnection -Port <your-stack-TCP-SSL-port> -ComputerName <Your Logstash Endpoint> -InformationLevel Detailed

If your ports are open you should receive output similar to the below, ending with a verify return code of 0 from the OpenSSL command.

Verify return code example
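
To read that result without scanning the whole handshake dump, the following added example (not part of the original article) classifies openssl s_client output by its Verify return code lines; s_client completes the handshake even when verification fails, so a non-zero code is easy to miss. The sample outputs are constructed, and the function name classify_s_client is an assumption of this example.

```shell
#!/bin/sh
# Added example. Classifies `openssl s_client` output read from stdin:
#   no_connection       TCP connect never completed (firewall, wrong port, DNS)
#   no_verify_line      connected, but the handshake ended before a result was printed
#   verify_failed:<n>   first non-zero "Verify return code" seen
#   verified            every "Verify return code" line reported 0
classify_s_client() {
    awk '
        /^CONNECTED/ { connected = 1 }
        /Verify return code:/ {
            seen = 1
            code = $0
            sub(/.*Verify return code: */, "", code)   # drop the label
            sub(/ .*/, "", code)                       # drop the "(reason)" text
            if (code != "0" && bad == "") bad = code
        }
        END {
            if (!connected)     print "no_connection"
            else if (!seen)     print "no_verify_line"
            else if (bad != "") print "verify_failed:" bad
            else                print "verified"
        }'
}

# Constructed samples, trimmed to the lines the classifier reads.
sample_ok() { cat <<'EOF'
CONNECTED(00000003)
depth=1 C = US, O = Example CA, CN = Example Intermediate
verify return:1
---
    Verify return code: 0 (ok)
EOF
}
sample_untrusted_chain() { cat <<'EOF'
CONNECTED(00000003)
verify error:num=19:self-signed certificate in certificate chain
---
    Verify return code: 19 (self-signed certificate in certificate chain)
EOF
}
sample_blocked() { cat <<'EOF'
connect: Connection refused
connect:errno=111
EOF
}

for s in sample_ok sample_untrusted_chain sample_blocked; do
    printf '%s -> %s\n' "$s" "$($s | classify_s_client)"
done
# Live use, with the page's placeholders filled in:
#   openssl s_client -connect <Your Logstash Endpoint>:<your-stack-TCP-SSL-port> </dev/null 2>&1 | classify_s_client
```

A verify_failed result means the port is reachable but the certificate chain presented on that path was not trusted by the local CA store, which is worth resolving before pointing a log shipper at the endpoint.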

From PowerShell you should see something similar to the below if the port is open:

You can find the details for your stack's Logstash endpoint address & TCP SSL port under the Logstash inputs tab on the stack settings menu from your dashboard.

Logstash inputs

6. Can you resolve the DNS? 

To confirm you can connect to your stack, use the example below to try to resolve the DNS of your stack's Logstash endpoint.

In Windows open a command prompt and run the following command: 


On Linux / Unix / macOS you can use dig.

dig a

Still having trouble?

If you are still having trouble you can contact our support team here.
