Im new to ELK.. Still not installed and worked successfully.
i installed elasticsearch, logstash and kibana in my ubuntu machine.
while executing the web ui 5601 it leads to configure an index pattern..
Please take me out from this issue.. for last three days im stuck with this..
Have you loaded any data into Elasticsearch that Kibana can visualize?
yes....
Could i know how to get data into logstash..
I kept this .conf at /logstash/bin/
input {
file {
path => "/home/linux/Downloads/FINAL1.csv"
start_position => beginning
}
}
filter {
csv {
columns => [
"Accident_Index",
"Type of vehicle",
"VehicleName",
"Longitude",
"Latitude",
"Location_Easting_OSGR",
"State",
"City",
"Day_of_Week",
"Time",
"Speed_limit",
"Road_Type",
"Urban_or_Rural_Area",
"Pedestrian_Crossing-Human_Control",
"Light_Conditions",
"Weather_Conditions",
"Road_Surface_Conditions",
"Did_Police_Officer_Attend_Scene_of_Accident",
"Number_of_Vehicles"
]
separator => ","
}
}
output {
elasticsearch {
protocol => "http"
host => localhost
action => "index"
index => "accidents"
}
stdout { }
}
but it throwed an error.
Can u pls guide me how to load data in elasticsearch????????
If it threw an error it probably didn't collect data for Elasticsearch.
Do you have sense interface loaded in a browser?
GET /_cat/indices?v
or use CURL from command line on your elasticsearch server.
curl -XGET "http://localhost:21162/_cat/indices?v "
You will get a list of indices stored in Elastic and a count of documents in each index.
You can manually put data into Elasticsearch just to force creation of an index.
From command line on ES server issue the folling command
will create and write data to the website index.
curl -XPUT "http://localhost:9200/website/blog/2 " -d'{ "title": "My first blog entry", "text": "I am begenning to get the hang of this...", "date": "2014/01/02" }'
will get what you just wrote
curl -XGET "http://localhost:9200/website/blog/1?pretty"
Now go back to Kibana and see if it finds your website index. There will only be one document in the index but at least you will know how Kibana will respond when it sees a valid index.
will delete the website index and ALL documents Dont do this until you are done testing with this index.
curl -XDELETE "http://localhost:9200/website"
Dear Sir,
I just followed your instructions
It reflects as
"message" => "./logstash -f ./logstash-accidents.conf -v",
"@version" => "1",
"@timestamp" => "2016-04-01T16:56:08.471Z",
"host" => "linux"
Now how i can view the final.csv dataset.
In search if give FINAL1 or accidents it not showing anythin. only logstash -* is there as default index.
for your reference im adding the snapshot
You can always goto Settings and add a new index pattern.
You can verify your index exists with the cat indexes API: https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-indices.html
It appears you only have one index and its named logstash-* The record you show in the last screen shot shows the logstash log. It was logged when you ran the command and shows logstash activity, not the contents of the csv file.
I don't think it created any index except the logstash-# index that logged when you ran the command.
If you re-run the
./logstash -f ./logstash-accidents.conf -v
command the logstash-* index will probably have two entries on the discovery page logstash-* view. the one above and a new one.
If you had more than one index the Discover page will have a down arrow next to your index name to select different indices. See screen shots below.
Closed Just current index.
Open you will see a list of available indices.
And as Tyler mentioned add an index to see additional data.
And it is best to go back to Elasticsearch to see exactly what indices you have.
Sense interface from Kibana is nice.
Screen shot of new Sense panel
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
