Hi,
I am new to the ELK stack and I am trying to set up the ELK stack for logging in Azure. I completed the Filebeat setup and it is running.
[elkclient1@elkclient1 /]$ sudo service filebeat restart
Restarting filebeat (via systemctl): [ OK ]
My Filebeat configuration is:
filebeat:
  prospectors:
    -
      paths:
        - /var/log/secure
        - /var/log/messages
        # - /var/log/*.log
      input_type: log
      document_type: syslog
  registry_file: /var/lib/filebeat/registry
output:
  logstash:
    hosts: ["elk_server_private_ip:5044"]
    bulk_max_size: 1024
    tls:
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
shipper:
logging:
  files:
    rotateeverybytes: 10485760 # = 10MB
I can see syslog in the new VM I created in Azure, but when I test from the Elasticsearch server I get the output below:
{
  "took" : 1,
  "timed_out" : false,
  "_shards" : {
    "total" : 0,
    "successful" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 0,
    "max_score" : 0.0,
    "hits" : [ ]
  }
}
How do I get logs to go to logstash?
The setup I used is https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-centos-7
Any help is appreciated.
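A pre-flight checker for a Filebeat-to-Logstash configuration like the one quoted above, added here as an example; it is not code from the poster, from the linked tutorial, or from Elastic. It assumes the YAML has already been loaded into a Python dict (the `SAMPLE_CONFIG` dict below is a constructed mirror of the quoted configuration, not parsed from a file), and the function names `parse_host`, `is_placeholder_host`, `check_config` and `can_reach` are hypothetical. It flags the things that most often stop a shipper from ever reaching Logstash: a `hosts` entry that is not a valid IP address or DNS name (an unreplaced tutorial placeholder such as `elk_server_private_ip` contains underscores, which DNS labels do not allow), a missing `tls` section (which would put the beats traffic on the wire in clear text), a CA file or log path that does not exist on the shipper, and, optionally, a TCP reachability test against port 5044.

```python
"""Pre-flight checks for a Filebeat -> Logstash output section (hypothetical helper)."""
import ipaddress
import os
import re
import socket
from typing import Callable, Dict, List, Tuple

# Constructed sample mirroring the configuration quoted in the post above.
SAMPLE_CONFIG: Dict = {
    "filebeat": {
        "prospectors": [
            {
                "paths": ["/var/log/secure", "/var/log/messages"],
                "input_type": "log",
                "document_type": "syslog",
            }
        ],
        "registry_file": "/var/lib/filebeat/registry",
    },
    "output": {
        "logstash": {
            "hosts": ["elk_server_private_ip:5044"],
            "bulk_max_size": 1024,
            "tls": {
                "certificate_authorities": ["/etc/pki/tls/certs/logstash-forwarder.crt"]
            },
        }
    },
}

# RFC 1123 host names: dot-separated labels of letters, digits and hyphens.
# Underscores are deliberately not accepted, which is what exposes placeholders.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$",
    re.IGNORECASE,
)


def parse_host(entry: str) -> Tuple[str, int]:
    """Split a 'host:port' entry; raises ValueError when the shape is wrong."""
    host, sep, port = entry.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"expected host:port, got {entry!r}")
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range in {entry!r}")
    return host.strip("[]"), port_num  # strip IPv6 brackets, e.g. [::1]:5044


def is_placeholder_host(host: str) -> bool:
    """True when host is neither an IP address nor a syntactically valid DNS name."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        pass
    return HOSTNAME_RE.match(host) is None


def check_config(cfg: Dict, path_exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Return a list of human-readable problems; an empty list means the config looks sane.

    path_exists is injectable so the checks can run on a machine other than the shipper.
    """
    problems: List[str] = []
    logstash = cfg.get("output", {}).get("logstash")
    if logstash is None:
        return ["no output.logstash section: events have nowhere to go"]

    for entry in logstash.get("hosts", []):
        try:
            host, _port = parse_host(entry)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if is_placeholder_host(host):
            problems.append(f"host {host!r} is not a valid IP or DNS name (unreplaced placeholder?)")

    tls = logstash.get("tls")
    if tls is None:
        problems.append("output.logstash.tls missing: beats traffic would be sent in clear text")
    else:
        for ca in tls.get("certificate_authorities", []):
            if not path_exists(ca):
                problems.append(f"CA file {ca} not found on the shipper")

    for prospector in cfg.get("filebeat", {}).get("prospectors", []):
        for log_path in prospector.get("paths", []):
            if not path_exists(log_path):
                problems.append(f"log path {log_path} not found on the shipper")
    return problems


def can_reach(host: str, port: int, timeout: float = 3.0) -> bool:
    """TCP-level reachability test; a False here points at DNS, routing or a firewall/NSG."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for problem in check_config(SAMPLE_CONFIG) or ["no problems found"]:
        print("-", problem)
```

Run it on the shipper VM with the real configuration loaded into `SAMPLE_CONFIG`; on the quoted configuration it reports the `elk_server_private_ip` entry before anything else, since that name can never resolve. The reachability helper is kept separate from `check_config` because a network check has different failure causes (Azure NSG rules, Logstash not listening) than a configuration error, and mixing the two makes the report harder to act on.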