After configuring X-Pack, the log is not coming to Logstash

Earlier the log was processing normally, but after configuring X-Pack the log is not coming ...

My Logstash configuration is:

# Listen for events over TCP
input {
  tcp {
    port => 5044
    charset => "ISO-8859-1"
  }
}

# Parse syslog lines into fields and use the syslog timestamp as event time
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

# Index into Elasticsearch and echo each event to the console
output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}

And the Logstash error message is:

"[2017-02-14T12:51:07,865][ERROR][logstash.inputs.metrics ] Failed to create monitoring event {:message=>"For path: events", :error=>"LogStash::Instrument::MetricStore::MetricNotFound"}"

Someone suggested that I add "action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*" to elasticsearch.yml. I've added this property, but the log is still not showing in the Kibana dashboard.

Kindly help me in this regard ....

thanks...

Can you run that again with the --log.level=debug flag? That will give a full stacktrace, allowing us to debug further. Thanks!


In the elasticsearch output section of your config, specify:
user => abc
password => xyz
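The check below is an added example, not code from the thread or from Elastic: it audits a pipeline file for the condition the last reply points at, an elasticsearch output with no user/password, and also flags a password written literally in the file. The environment variable names ES_USER and ES_PWD and the finding labels are assumptions made for the example.

```python
import re

# Constructed samples: the output section as posted in the thread, and the
# same section with credentials read from (assumed) environment variables.
POSTED = '''
output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}
'''
FIXED = '''
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    user => "${ES_USER}"
    password => "${ES_PWD}"
  }
  stdout { codec => rubydebug }
}
'''

def block_body(text, open_at):
    """Return the text between the '{' at open_at and its matching '}'."""
    depth = 0
    for i in range(open_at, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_at + 1:i]
    raise ValueError("unbalanced braces in pipeline config")

def audit_es_outputs(config):
    """List one finding per elasticsearch output with a credential problem."""
    findings = []
    for out in re.finditer(r"^\s*output\s*\{", config, re.M):
        body = block_body(config, out.end() - 1)
        for es in re.finditer(r"\belasticsearch\s*\{", body):
            pairs = re.findall(r'(\w+)\s*=>\s*("[^"]*"|\S+)',
                               block_body(body, es.end() - 1))
            opts = dict(pairs)
            if "user" not in opts or "password" not in opts:
                # No credentials: the request is anonymous under X-Pack security.
                findings.append("missing-credentials")
            elif not re.fullmatch(r'"?\$\{\w+\}"?', opts["password"]):
                # Literal secret stored in the pipeline file itself.
                findings.append("hardcoded-password")
    return findings

if __name__ == "__main__":
    print(audit_es_outputs(POSTED), audit_es_outputs(FIXED))
```
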
