Hi,
In recent version of filebeat6.2.4 "document_type" is missing.
and on ELK server i have stetted the filter for logstash with reference to type is :
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
Due to that i am not able to set indices.
In kibana it is showing "Couldn't find any Elasticsearch data "
Please help me to resolve this.