I am new to the ELK stack and trying to make it work. First I tried to configure filebeat to display syslog on Kibana and was able to get through, but when I tried to get DOCS logs, filebeat failed to start.
input_type: log
document_type: syslog
I am starting filebeat using the following command on a Linux box.
service filebeat start -v -d "*"
I really need you guys to help me out as I am really up against a deadline for this project. One more thing, where can I see the filebeat log?
The service command doesn't take arguments like above. How you configure the startup arguments depends on things like whether your OS uses systemd, whether you have an init script, what it looks like, etc.
Thank you so much for your reply.
After removing document_type = syslog from filebeat.yml, it started without error and I am able to see the log on Kibana. But I don't understand why it's causing this issue, as I have the filter configuration corresponding to syslog in my logstash file, which is as follows:
filter {
  if [type] == "syslog" {
    grok {
      # the square brackets around the PID are literal characters, so they are escaped
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      # syslog timestamps carry no year and may pad the day with a space or a zero
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
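To see what the filter above actually does to a line, here is an added Python approximation of it (example code written for this thread, not Logstash's own grok implementation). The regexes stand in for the stock grok patterns SYSLOGTIMESTAMP, SYSLOGHOST, DATA, POSINT and GREEDYDATA; the type check mirrors the if [type] == "syslog" conditional (in Filebeat 5.x the prospector's document_type setting is what populates that type field, which is why the Logstash branch depends on it); the year passed to the date parser and every sample event, hostname, PID and message are constructed for the example.

```python
import re
from datetime import datetime

# Added example (not code from the original thread): Python stand-ins for the
# grok patterns used in the Logstash filter, so the pattern can be tried offline.
MONTH = r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
SYSLOG_PATTERN = re.compile(
    rf"^(?P<syslog_timestamp>{MONTH} +\d{{1,2}} \d{{2}}:\d{{2}}:\d{{2}}) "  # SYSLOGTIMESTAMP
    r"(?P<syslog_hostname>[\w.-]+) "                                        # SYSLOGHOST
    r"(?P<syslog_program>.*?)"              # DATA: shortest match that lets the rest fit
    r"(?:\[(?P<syslog_pid>\d+)\])?"         # optional [POSINT]; brackets escaped on purpose
    r": (?P<syslog_message>.*)$"            # GREEDYDATA
)

# Equivalent of the date {} block's "MMM d HH:mm:ss" / "MMM dd HH:mm:ss":
# Python's %d accepts a one- or two-digit day, and a space in the format
# matches any run of whitespace, so "Feb  5" (double space) parses too.
DATE_FORMAT = "%b %d %H:%M:%S"


def parse_syslog_timestamp(text, year):
    """Parse a year-less syslog timestamp; the caller supplies the year
    (Logstash's date filter assumes the current year in the same situation)."""
    return datetime.strptime(text, DATE_FORMAT).replace(year=year)


def apply_syslog_filter(event, year=2024):
    """Mirror the 'if [type] == "syslog"' branch of the filter above.
    Events with any other type pass through untouched, as they do in Logstash."""
    if event.get("type") != "syslog":
        return event
    m = SYSLOG_PATTERN.match(event["message"])
    if m is None:
        # grok leaves the event as-is and adds a "_grokparsefailure" tag
        return {**event, "tags": event.get("tags", []) + ["_grokparsefailure"]}
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    out = {**event, **fields}
    out["received_at"] = event["@timestamp"]     # add_field => [ "received_at", "%{@timestamp}" ]
    out["received_from"] = event["host"]         # add_field => [ "received_from", "%{host}" ]
    # the date filter then replaces @timestamp with the parsed syslog time
    out["@timestamp"] = parse_syslog_timestamp(fields["syslog_timestamp"], year)
    return out


# Constructed sample events, shaped like what Filebeat hands to Logstash.
SAMPLE_EVENTS = [
    {"type": "syslog", "host": "web01", "@timestamp": "2024-02-05T10:00:01Z",
     "message": "Feb  5 09:59:58 web01 sshd[2210]: Accepted publickey for deploy from 10.0.0.7 port 52114"},
    {"type": "syslog", "host": "web01", "@timestamp": "2024-02-05T10:00:02Z",
     "message": "Feb  5 09:59:59 web01 systemd: Started Daily apt upgrade and clean activities."},
    {"type": "syslog", "host": "web01", "@timestamp": "2024-02-05T10:00:03Z",
     "message": "not a syslog line"},
    {"type": "docs", "host": "web01", "@timestamp": "2024-02-05T10:00:04Z",
     "message": "Feb  5 10:00:00 web01 app[1]: ignored by the syslog branch"},
]


def run_samples():
    """Run every constructed event through the filter and return the results."""
    return [apply_syslog_filter(e) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for e in run_samples():
        print(e)
```

The first two samples show the PID group matching and being absent; the third shows what a non-matching line looks like after grok (the _grokparsefailure tag is the thing to alert on if a pipeline silently stops extracting fields); the fourth shows that an event whose type is not syslog never reaches the grok at all, which is the connection between document_type in filebeat.yml and the conditional in the filter.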