General Help

loatswil · April 23, 2020, 7:02pm

I have set up Elastic, Logstash and Kibana on a spare machine to get my feet wet and I am having trouble just getting data into the system and visible in Kibana.

I have various systems sending rsyslog data to a directory on the same system.

I have tried using a basic syslog input, and a basic file input in the /etc/logstash/config.d/ directory. I can see in the logstash logs that it reads that file but nothing ever shows up in Kibana.

Here's the file input currently in place. Other then this input, the system is very generic and untouched. Just a new install.

    input {
      file {
        path => "/var/log/remote/*"
      }
    }


    output {
      elasticsearch {
        hosts => ["localhost:9200"]
      }
      stdout { codec => rubydebug }
    }

Thanks!

rashmi · April 23, 2020, 8:15pm

Hi,

Welcome to the community .

Localhost:9200 should work if the port is open. Can you confirm that the port is open. What do thelogstash logs say ? Can you try changing the host to `Change hosts to something like this hosts => ["https://127.0.0.1:9200 "]
Is there a proxy in between ?

Thanks
Rashmi

loatswil · April 23, 2020, 10:10pm

I tried https and it threw a cert error. I tried http and it worked, or at least it's sending to that location. I think it's an IPv6 thing. Looks like my system is only listening on those ports with IPv6.

No proxy, this is all on the same system.

I'll look for a solution to that tomorrow.

Thanks!

system · May 21, 2020, 10:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.