ELK stack elasticsrearch index issue

shufil · January 24, 2018, 12:09pm

I have installed ELK to analyze our log files in ubuntu 14, using nginx - kibana - elasticsearch -logstsh --- logstash client server (filebeate) nginx connected to kibana with port 5601 ,and elasticsearch.yml is running with settings

network.host: localhost
logstsh working with below configaration , also i have Loaded Kibana Dashboards with beats-dashboards-1.1.0.zip, its loaded [filebeat-]YYYY.MM.DD still i did not getting any logs in kibana, please check the screen short .

</>input {
beats {
port => 5043
type => syslog
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}

filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}

output {
elasticsearch {
host => "localhost:9200"
}
}
#I have tried below also
#output {

elasticsearch {

host => "localhost:9200"

sniffing => true

manage_template => false

index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"

document_type => "%{[@metadata][type]}"

}

#}
client system running with filebeat data type syslog file type /var/log/auth-log

filebeat:
prospectors:
paths:
- /var/log/auth.log
input_type: log
document_type: syslog
registry_file: /var/lib/filebeat/registry
output:
logstash:
hosts: ["ELK_server_IP:5043"]
bulk_max_size: 2048
tls:
certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
shipper:
logging:
files:
rotateeverybytes: 10485760 </>

dadoonet · January 24, 2018, 12:54pm

Please format your code using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

Please edit your post.

Looks like very old versions... Why did you choose to install that instead of 6.1.2?

shufil · January 24, 2018, 2:28pm

Thanks for reply , i have updated elastcsreach version from 4.2 to 6.x , and kibana to 5,
still am stuck in Create index pattern, please check the screenshot .

dadoonet · January 24, 2018, 2:41pm

Looks like a Kibana 6, no?

dadoonet · January 24, 2018, 2:42pm

Did you index anything?

What gives GET _cat/indices?v

shufil · January 24, 2018, 5:02pm

currently i did not index anything , how can i do index?, basically am in new in ELK
curl -I http://localhost:5601/status
HTTP/1.1 200 OK
kbn-name: kibana
kbn-version: 6.1.2
cache-control: no-cache
Date: Wed, 24 Jan 2018 17:00:51 GMT
Connection: keep-alive

dadoonet · January 24, 2018, 5:32pm

You can go in the developer Console in Kibana and do:

DELETE test
PUT test/doc/1
{
  "message": "Elasticsearch is cool"
}
GET test/_search?q=cool

May be read
https://www.elastic.co/guide/en/elasticsearch/reference/6.1/getting-started.html

And specifically
https://www.elastic.co/guide/en/elasticsearch/reference/6.1/_exploring_your_data.html

HTH

shufil · January 24, 2018, 6:20pm

yes i added default index in elasticsreach using below url reference, and kibana now working fine
https://www.elastic.co/guide/en/elasticsearch/reference/6.1/_exploring_your_data.html

But how can i get my filebeate client logs ??

dadoonet · January 24, 2018, 6:48pm

Did you read https://www.elastic.co/guide/en/beats/filebeat/current/index.html ?

system · February 21, 2018, 6:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.