Help with processing log files

I'm very very new to Elasticsearch/ELK, and I'm currently learning it from scratch for a project. I'm running it on an Ubuntu VM and my first task is to process json log files from my desktop through Filebeat into Elasticsearch. I have everything installed and I've experimented with downloading the Shakespeare files as a demo, but I'm stuck on how I can link my own files to Elasticsearch?

Right now I'm trying to process a log file called 'test.log' and this is what I have so far:

    curl -XPOST "http://localhost:9200/test/test" -H "Content-Type: application/json" -d @test.log

The error I get reads:

    Warning: Couldn't read data from file "test.log", this makes an empty POST.
    {"error":{"root_cause":[{"type":"parse_exception","reason":"request body is required"}],"type":"parse_exception","reason":"request body is required"},"status":400}

Would appreciate some help and guidance. Thank you.

Your task is to ingest data using Filebeat.

Basically you will download and install Filebeat. Configure it to read from a folder where your logs are located. Configure your Elasticsearch connection if you changed from default.

Turn it on and then Filebeat will read that folder you specified, read the log file and send it over to Elasticsearch for you.

Thank you so much for your help! I'm trying to follow the article you provided and in the screenshot below is what I get from inputting the first two commands found in the article. Do you know how I may be able to fix it or why the command is not found?
Thank you again.

Set the connection information in filebeat.yml

The 2nd one isn't a command but tells you what needs to be set inside the configuration file. If you didn't change Elasticsearch from default you won't need to edit this.
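
A minimal `filebeat.yml` for the setup the replies above describe, added here as an example and not taken from the thread or the linked article. The log folder path and input id are placeholders, and it assumes a Filebeat version that has the `filestream` input, log files with one JSON object per line, and an Elasticsearch node left at its default address:

```yaml
# filebeat.yml (added example; paths and id are placeholders)

filebeat.inputs:
  - type: filestream
    id: desktop-json-logs            # any unique name for this input (constructed)
    enabled: true
    paths:
      # Must be a path on the machine where Filebeat itself runs.
      # A file that only exists on another host (for example the desktop,
      # when Filebeat runs inside the VM) cannot be read from here.
      - /path/to/your/logs/*.log
    parsers:
      # Decode each line as a JSON object instead of shipping it as raw text.
      - ndjson:
          target: ""                 # put decoded keys at the top level of the event
          add_error_key: true        # record a decode error on lines that are not valid JSON

# Connection information. These are the defaults, so this section only
# needs editing if Elasticsearch was moved off localhost:9200.
output.elasticsearch:
  hosts: ["localhost:9200"]
  # If security is enabled on the cluster, the connection also needs
  # https and credentials. Placeholders shown, not working values:
  # protocol: "https"
  # username: "<user>"
  # password: "<password>"
```

`filebeat test config` checks that the file parses, and `filebeat test output` checks that Filebeat can reach the configured Elasticsearch host before any logs are shipped.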
