I'm very very new to Elasticsearch/ELK, and I'm currently learning it from scratch for a project. I'm running it on an Ubuntu VM and my first task is to process JSON log files from my desktop through Filebeat into Elasticsearch. I have everything installed and I've experimented with downloading the Shakespeare files as a demo, but I'm stuck on how I can link my own files to Elasticsearch.
Right now I'm trying to process a log file called 'test.log' and this is what I have so far:
Warning: Couldn't read data from file "test.log", this makes and empty POST.
{"error":{"root_cause":[{"type":"parse_exception","reason":"request body is required"}],"type":"parse_exception","reason":"request body is required"},"status":400}
Would appreciate some help and guidance. Thank you.
Basically you will download and install Filebeat. Configure it to read from a folder where your logs are located. Configure your Elasticsearch connection if you changed from default.
Turn it on and then Filebeat will read that folder you specified, read the log file and send it over to Elasticsearch for you.
Thank you so much for your help! I'm trying to follow the article you provided, and the screenshot below shows what I get from inputting the first two commands found in the article. Do you know how I may be able to fix it or why the command is not found?
Thank you again.
The 2nd one isn't a command but tells you what needs to be set inside the configuration file. If you didn't change Elasticsearch from default you won't need to edit this.
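An added example, not part of the original thread or of the article it refers to: a minimal `filebeat.yml` of the kind the replies describe, with settings that belong in the configuration file rather than on the command line. The log path is a constructed placeholder, and the example assumes the `log` input with its `json.*` options (newer Filebeat releases use the `filestream` input instead) and an Elasticsearch instance left on its default address.

```yaml
# filebeat.yml (example; adjust the path to the folder holding your logs)
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      # Constructed placeholder path: the folder Filebeat should watch
      - /home/user/logs/*.log
    # Each line of the file is one JSON object; decode it into event fields
    json.keys_under_root: true
    # Add an error field to the event when a line is not valid JSON,
    # instead of dropping the problem silently
    json.add_error_key: true

# Only needs editing if Elasticsearch was changed from its default
output.elasticsearch:
  hosts: ["localhost:9200"]
```

Before starting the service, `filebeat test config` checks the file for syntax errors and `filebeat test output` checks that Filebeat can reach Elasticsearch.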