Elastic Stack: Logging Lab 4 - The second problem

Hi,

I just finished Elastic Stack: Logging Lab 4. However, when I looked at data in Kibana, what I got is different from what is in the tutorial pdf.

The following is the screenshot from my Kibana:

The lines I got below confuse me, which are different from what I should have gotten based off of the Lab 4 pdf.
"tags": [
  "beats_input_codec_plain_applied",
  "_grokparsefailure",
  "_geoip_lookup_failure"
]

Hope someone can help me here! Thank you!

Just like your other thread, is this related to the online training?

Yes, it is too.

Hello,

It looks like at some point you ingested data with Logstash that Logstash could not parse. It therefore generated a _grokparsefailure. You would want to remove that data from your index.

You might try deleting that index and reloading the data with Logstash. Make sure you didn't change any of the configs for Logstash.

I recommend our "Elastic Stack Data Administration" course (taught in-person and in our virtual classroom) to get a better idea of how Logstash works as well as Beats. Ingesting data with these tools allows you to use Machine Learning to detect when anomalous behavior is occurring.

Hi Nathan,

Thank you for your answer. It is very helpful!
