Dear All,
I am trying to load some data into Kibana using Logstash.
I searched on the internet about it and I found a sample how to load the data from this link : https://github.com/elastic/examples/tree/master/ElasticStack_apache
However when I try to run a command to load sample logs into Elasticsearch, I have got this error:
And, this is return values from http://localhost:9200/_cat/indices?v:
Anyway, I run Kibana from Windows 10 pc. Any ideas how to solve this issue?
Thank You.
It doesn't run with java like this
Just remove it (use logstash as it is a .bat file)
As magnus answered there:
And if you check a bit around, you'll see that if logstash is installed in a dir with a space: it will fail.
So rename your folder or move logstash in other dir.
(Btw, as a linux fan, I recommend you, when you work, to never use folder with space, replace them with _, and the same with -. It can sometime save you)
Hi Nico,
I have change the directory with no space.
However I have got another error:
And, when I go to http://localhost:9200/apache_elastic_example/_count to verify, I have this message:
Any setting that I missed?
can you copy/paste your config file?
(with indentation and using formatted text?)
And I suppose you have x-pack?
Do you mean apache_logstash.conf?
Here it is:
input {
stdin { }
}
filter {
grok {
match => {
"message" => '%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:response:int} (?:-|%{NUMBER:bytes:int}) %{QS:referrer} %{QS:agent}'
}
}
date {
match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
locale => en
}
geoip {
source => "clientip"
}
useragent {
source => "agent"
target => "useragent"
}
}
output {
stdout {
codec => dots {}
}
elasticsearch {
index => "apache_elastic_example"
template => "./apache_template.json"
template_name => "apache_elastic_example"
template_overwrite => true
}
}
Yes, I have installed the x-pack.
Thank You.
Then you just need to configure X-Pack correctly, as it says to you that the user kibana (the one your trying to do a lookup with) as not the correct right to do this. I advise you to check its role and how to configure it correctly
Hi Nico,
I have change to elastic user as superuser.
When I run the command, I am still got the same error, but when I go to http://localhost:9200/apache_elastic_example/_count, I have this error instead:
Any ideas?
Thank You.
It tells you that the index apache_elastic_example does not exists
You can check the existing indices here: http://localhost:9200/_cat/indices?v
As for logstash, you might have to configure it (check here for instance: https://www.elastic.co/guide/en/x-pack/5.4/logstash.html) to allow it to write
I see, this is the return from http://localhost:9200/_cat/indices?v
Did I missed something?
I just put the files inside logstash bin folder:
All the sample files I get from https://github.com/elastic/examples/tree/master/ElasticStack_apache
Thank You.
I append this to my last comment. Logstash user might not have the right to create template, write index, etc, as the response code is 401: unauthorized
I can only tell you that. For further info on x-pack and configuration, I can't really help you. If you don't find the solution, you'll have to wait for someone else
I see. Okay then.
I will try to configure it.
Thanks Nico!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
