I'm running an ELK instance. I'm trying to create a new index other than the default logstash* index. I need help on how to create it.
By default indexes are automatically created when documents are posted to them so unless you've changed these defaults it's not clear what the problem is. Do you want to post some events from Logstash to a different index than the rest, or...?
Yes, I want to create an index for Apache logs or syslogs, and then create alerts for errors. Or I want to create an index for a group of servers.
See http://stackoverflow.com/a/27147688/414355 and come back if you have any specific questions.
Instead of a script, is it not something we can do in the Kibana GUI? Using the Kibana GUI, can't we create indices and indexes?
Instead of script? In any case you're going to have to configure Logstash to send events to a non-default index. What would be the point of being able to create empty indexes in Kibana?
Look at that page. I'm trying to create a new index with the name "syslog" and filter only syslog events vs. Apache events.
Now, once I create it, I'm not able to figure out how to edit it so that it shows only syslog events.
All I see is
Any help greatly appreciated.
Go to the Discovery tab and type in a query that selects the events you're interested in. For example, you'll typically want to use the type field to indicate the type of the message. For your syslog messages putting "syslog" there makes good sense, and then your query could become "type:syslog".
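
The two suggestions in this thread (sending events to a non-default index from Logstash, and setting the type field so that "type:syslog" works as a query) can be combined in one Logstash pipeline. The configuration below is an added example, not something posted by the thread's participants; the port, file path, Elasticsearch address and index names are constructed, and the `hosts` option assumes a Logstash version whose elasticsearch output uses that name.

```conf
# Added example: port, path, host and index names are constructed.
input {
  # Set a type on each source so events can be routed and queried later.
  syslog {
    port => 5514
    type => "syslog"
  }
  file {
    path => "/var/log/apache2/access.log"
    type => "apache"
  }
}

output {
  if [type] == "syslog" {
    # Syslog events go to their own daily index instead of logstash-*.
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "syslog-%{+YYYY.MM.dd}"
    }
  } else if [type] == "apache" {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "apache-%{+YYYY.MM.dd}"
    }
  } else {
    # Anything without a recognised type keeps the default naming.
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "logstash-%{+YYYY.MM.dd}"
    }
  }
}
```

Elasticsearch creates each index when the first matching event arrives, so nothing has to be created by hand; an index pattern of `syslog-*` in Kibana then matches only the syslog events.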