General Help

loatswil · April 23, 2020, 7:02pm

I have set up Elastic, Logstash and Kibana on a spare machine to get my feet wet and I am having trouble just getting data into the system and visible in Kibana.

I have various systems sending rsyslog data to a directory on the same system.

I have tried using a basic syslog input, and a basic file input in the /etc/logstash/config.d/ directory. I can see in the logstash logs that it reads that file but nothing ever shows up in Kibana.

Here's the file input currently in place. Other then this input, the system is very generic and untouched. Just a new install.

    input {
      file {
        path => "/var/log/remote/*"
      }
    }


    output {
      elasticsearch {
        hosts => ["localhost:9200"]
      }
      stdout { codec => rubydebug }
    }

Thanks!

rashmi · April 23, 2020, 8:15pm

Hi,

Welcome to the community .

Localhost:9200 should work if the port is open. Can you confirm that the port is open. What do thelogstash logs say ? Can you try changing the host to `Change hosts to something like this hosts => ["https://127.0.0.1:9200 "]
Is there a proxy in between ?

Thanks
Rashmi

loatswil · April 23, 2020, 10:10pm

I tried https and it threw a cert error. I tried http and it worked, or at least it's sending to that location. I think it's an IPv6 thing. Looks like my system is only listening on those ports with IPv6.

No proxy, this is all on the same system.

I'll look for a solution to that tomorrow.

Thanks!

Topic		Replies	Views
Having problem getting syslog to show on Elasticsearch Logstash	5	937	June 15, 2021
No results found - Kibana - Localhost not sending logs Elasticsearch	23	3254	July 5, 2017
No results found in Kibana Logstash	14	6919	July 6, 2017
Logstash with syslog input doesn't send logs to Elasticsearch Logstash elastic-stack-security	1	531	July 22, 2020
ISSUE WITH INSTALATION KIBANA IN CENTOS Logstash	2	232	October 5, 2022

General Help

Related topics