How to configure indexes in logstash

Swaroop_Chand · May 26, 2019, 9:49am

input {
beats {
port => 5044
}
}

filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
}
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
output {
elasticsearch {
hosts => ["https://localhost:9200"]
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

After running "service logstash start" new index is not created. Please Help.

http://localhost:9200/_cat/indices
yellow open logstash-2019.05.25 CbucJMQMROK8MrZq6BEQiw 1 1 15 0 5kb 5kb
green open .kibana_1 ncR_HLCTTWKEynV38Jbayw 1 0 7 1 167.3kb 167.3kb

Christian_Dahlqvist · May 26, 2019, 10:09am

What if you do not specify document type? Do you have Elasticsearch secured as you are specifying https? If so, please provide some details.

system · June 23, 2019, 10:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.