Create indexs in elasticsearch using logstash & filebeat

bob_ve · October 11, 2018, 2:26pm

I was not able to see any data or any indexs in elasticsearch . I was using filebeat --> logstash --> elasticsearch

filebeat.yml

filebeat.inputs:

-> type: log

paths:
- /var/log/hadoop/hadoop/hive/gc.log*
document_type: hivemetastore

type: log

paths:

/var/log/hadoop/hadoop/hdfs/gc.log*
document_type: hdfs

logstash.conf

input {
beats {
port => 5044
}
}

output{

if [document_type] == "hdfs" {
elasticsearch {
hosts => ["endpoint:443"]
action => "index"
index => "hdfs"
}
}

if [document_type] == "hivemetastore" {
elasticsearch {
hosts => ["endpoint:443"]
action => "index"
index => "hive"
}
}

}

I'm not sure where i was doing wrong. without if condition i was able to see logs.

system · November 8, 2018, 2:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Not able to create /see any indexs in elasticsearch Beats filebeat	2	333	November 13, 2018
Logstash not writing to ElasticSearch Logstash	2	920	January 30, 2019
Unable to create an index in elastic search through filebeat/ logstash in 5.2 version Elasticsearch	1	405	September 26, 2018
No indexes created in Elasticsearch Elasticsearch	14	1956	February 11, 2019
How to create multi indices with multi logs from filebeat? Beats filebeat	3	937	June 28, 2018