How to configure indexes in logstash

Swaroop_Chand · May 26, 2019, 9:49am

input {
beats {
port => 5044
}
}

filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
}
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
output {
elasticsearch {
hosts => ["https://localhost:9200"]
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

After running "service logstash start" new index is not created. Please Help.

http://localhost:9200/_cat/indices
yellow open logstash-2019.05.25 CbucJMQMROK8MrZq6BEQiw 1 1 15 0 5kb 5kb
green open .kibana_1 ncR_HLCTTWKEynV38Jbayw 1 0 7 1 167.3kb 167.3kb

Christian_Dahlqvist · May 26, 2019, 10:09am

What if you do not specify document type? Do you have Elasticsearch secured as you are specifying https? If so, please provide some details.

system · June 23, 2019, 10:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasicsearch is not creating an index even there are no errors Logstash	13	461	December 24, 2018
New index is not created Elasticsearch	7	4925	February 14, 2020
Configuration difference in elk5 and elk6 Logstash	1	338	June 1, 2018
How to configure different indexes in logstash Logstash	38	40234	November 4, 2022
How to create logstash-* index pattern to see syslog messages Kibana	3	1458	August 4, 2021

How to configure indexes in logstash

After running "service logstash start" new index is not created. Please Help.

Related Topics