Hi Everyone,
I'm pretty new to the ELK stack and love it so far. However, I'm running into some subtle issues and hope you guys can help.
I'm on Elasticsearch Version 6.2.1 with the latest Kibana, Logstash and Filebeat versions and X-Pack successfully installed.
1.) When starting Logstash, I do see the following in the logs:
You are using a deprecated config setting "document_type" set in elasticsearch.
I don't know where I am supposed to have document_type configured.
/etc/logstash/conf.d/logstash.conf:
input {
beats {
port => 5044
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/certs/logstash-forwarder.key"
}
}
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
output {
elasticsearch {
hosts => "localhost:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => filebeat_internal
password => ***
}
}
So there is no document_type in the configuration.
2.) When starting Logstash, I see
[2018-02-18T23:03:28,980][WARN ][logstash.inputs.beats ] Beats input: SSL Certificate will not be used
[2018-02-18T23:03:28,980][WARN ][logstash.inputs.beats ] Beats input: SSL Key will not be used
Why is that? I have configured cert and key for the input and made sure the files are available.
Any help is greatly appreciated!