Why do you have mappings in your config file? If you want to specify mappings and have Logstash manage them, you should place the mappings in a separate file and instruct the elastic search output plugin to use it.
i have specified the mappings in different file
i concatenated all four files under conf.d to upload on the internet
When logstash runs, it combines all the files in your config directory into one file.
after removing template
On your ELK Server, verify that Elasticsearch is indeed receiving the data by querying for the Filebeat index with this command:
after removing template
On your ELK Server, verify that Elasticsearch is indeed receiving the data by querying for the Filebeat index with this command:
should mappings file must contain header in their configuration files like other three files
beats has input as header
syslog has filter as header
elasticsearch has output as header
mappings file has no header
thanks man
it worked mapping file should not be present in the logstash configuration folder
ubuntu log were having auth.log.1 but i had configured it for auth.log
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.