Earlier the logs were being processed normally, but after configuring X-Pack the logs are not coming through ...
My Logstash configuration is:

    input {
      tcp {
        port => 5044
        charset => "ISO-8859-1"
      }
    }
    filter {
      # Parse only events whose type is "syslog"
      if [type] == "syslog" {
        grok {
          # Split the line into timestamp, host, program, optional [pid] and message
          match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
          add_field => [ "received_at", "%{@timestamp}" ]
          add_field => [ "received_from", "%{host}" ]
        }
        date {
          # Use the parsed syslog timestamp as the event time
          match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
        }
      }
    }
    output {
      # Index events into the local Elasticsearch node and echo them to the console
      elasticsearch { hosts => ["localhost:9200"] }
      stdout { codec => rubydebug }
    }

and the error message from Logstash is:
"[2017-02-14T12:51:07,865][ERROR][logstash.inputs.metrics ] Failed to create monitoring event {:message=>"For path: events", :error=>"LogStash::Instrument::MetricStore::MetricNotFound"}"
Someone suggested that I add "action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*" to elasticsearch.yml. I've added this property, but the logs are still not showing in the Kibana dashboard.
Kindly help me in this regard.
Thanks.