I am trying to set up Elasticsearch and Kibana on my server, and the input data for Elasticsearch is a Splunk log forwarder. The Splunk is being managed by a third-party company and they have configured the log forwarding to my Elasticsearch server on port 9200.
However, I am not seeing any data in Elasticsearch. Here is how we have configured Elasticsearch.
On top, we have a hardware load balancer on which we have configured the public IP (internet facing). From there the request will be forwarded to the web server (Apache), and below that we have the application server (Elasticsearch). Both the load balancer and Apache are being managed by a different team.
Is there any extra configuration required to get the logs onto the application server? I am able to access Elasticsearch in a browser with publicIP:9200, but there is no data being received by Elasticsearch.
I would be surprised if the Splunk log forwarder supported the Elasticsearch bulk format, so suspect you will need to send this data through Logstash, potentially using a TCP input plugin.
Thanks for your update. I tried adding Logstash as mentioned. However, now Elasticsearch is failing with the error below.
ADMINSHELL :/etc/elasticsearch # /etc/init.d/elasticsearch status
elasticsearch dead but subsys locked
ADMINSHELL :/etc/elasticsearch #
To add Logstash to the system I am doing the configuration below. Logstash will listen on port 9200 and output the result to 9300, which in turn will be used by Elasticsearch.
network.bind_host: 0.0.0.0
transport.host: localhost
transport.tcp.port: 9300
# Set a custom port for HTTP:
http.port: 9300
I am not able to get Elasticsearch running with port 9300. Also, with the above Logstash configuration I am not sure what service will be running on port 9200 to receive the incoming logs.
Do not use port 9200 for the TCP input as this will be misleading. If you do, use e.g. 9201 for the Elasticsearch HTTP port, as it must be different from the transport port.
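The two answers above boil down to three ports that must be distinct and wired together: the Elasticsearch HTTP port, the Elasticsearch transport port, and the Logstash TCP input port, with the Logstash output pointing at the HTTP port. The following pre-flight check is an added example, not code from the thread or from Elastic; it assumes a Logstash TCP input on 9201 with a json_lines codec and an Elasticsearch HTTP endpoint at localhost:9200, and it embeds the poster's elasticsearch.yml beside a corrected copy as constructed sample input.

```python
import re

# Constructed sample inputs: the poster's elasticsearch.yml as quoted above, and a
# corrected layout in which the HTTP and transport ports differ.
BROKEN_ES_YML = """\
network.bind_host: 0.0.0.0
transport.host: localhost
transport.tcp.port: 9300 #Set a custom port for HTTP:
http.port: 9300
"""
FIXED_ES_YML = """\
network.bind_host: 0.0.0.0
transport.host: localhost
transport.tcp.port: 9300
# Set a custom port for HTTP:
http.port: 9200
"""
# Constructed logstash.conf (assumed values): TCP input on its own port 9201,
# output to the Elasticsearch HTTP port, not the transport port.
LOGSTASH_CONF = """\
input { tcp { port => 9201 codec => json_lines } }
output { elasticsearch { hosts => ["localhost:9200"] } }
"""

def parse_es_yml(text):
    """Read flat `key: value` lines from elasticsearch.yml, dropping # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings

def parse_logstash(text):
    """Extract the tcp input port and the elasticsearch output host:port."""
    port = re.search(r"tcp\s*\{[^}]*port\s*=>\s*(\d+)", text)
    hosts = re.search(r'elasticsearch\s*\{[^}]*hosts\s*=>\s*\[\s*"([^"]+)"', text)
    return int(port.group(1)), hosts.group(1)

def check_ports(es_yml, logstash_conf):
    """Return a list of problems; an empty list means the layout is consistent."""
    es = parse_es_yml(es_yml)
    http_port = int(es.get("http.port", 9200))            # Elasticsearch defaults
    transport_port = int(es.get("transport.tcp.port", 9300))
    tcp_in, es_host = parse_logstash(logstash_conf)
    out_port = int(es_host.rsplit(":", 1)[1])
    problems = []
    if http_port == transport_port:
        problems.append("http.port and transport.tcp.port are both %d" % http_port)
    if tcp_in in (http_port, transport_port):
        problems.append("logstash tcp input %d collides with an elasticsearch port" % tcp_in)
    if out_port != http_port:
        problems.append("logstash output targets %d but elasticsearch HTTP is %d" % (out_port, http_port))
    return problems
```

Running check_ports against the posted configuration reports the shared 9300 and the output pointing at a port Elasticsearch's HTTP layer is not on; against the corrected copy it reports nothing.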