Filebeat logstash index not creating

Elastic Stack Logstash
1

Hi,
Good day..!
I have configured ELK on a CentOS 7 machine.
Initially i have got index in elastic search and accessed logs from kibana.
Once i removed all index data from elastic search , problem started.
I have checked all logs but no errors.
My current logstash conf is given below. While checking logstash-plain.log file i can see incoming logs from filebeat.

# input section
input {
 beats {
   port => 5044
   ssl => true
   #start_position => "beginning"
   #sincedb_path => "/opt/dbflile"
   ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
   ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  #congestion_threshold => "40"
  }
}
# Filter section
filter {
if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGLINE}" }
    }
    date {
match => [ "timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]

}
  }
}
# output section
output {
  elasticsearch {
   hosts => "127.0.0.1:9200"
#index => "dailyserver-%{+YYYY.MM.dd}"
#   document_type => "dailyserver"
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
}
}

I am using ELK 5.6.5 , i tried to reinstall several time. But no luck.
Please help me to find the solution.

2

Hi,
But while directly connecting from Filebeat to Elasticsearch, it is creating index file .
I think something is related to logstash permission.
Anybody have similar experience..?

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.