How to configure indexes in Logstash

# Receive events from Beats shippers
input {
  beats {
    port => 5044
  }
}

filter {
  if [type] == "syslog" {
    # Parse the syslog line; the PID is an optional literal "[pid]" suffix
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    }
    # Use the parsed syslog timestamp as the event timestamp
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    # One index per Beat per day, named from the Beats metadata
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

After running "service logstash start", the new index is not created. Please help.

http://localhost:9200/_cat/indices
yellow open logstash-2019.05.25 CbucJMQMROK8MrZq6BEQiw 1 1 15 0 5kb 5kb
green open .kibana_1 ncR_HLCTTWKEynV38Jbayw 1 0 7 1 167.3kb 167.3kb

What if you do not specify document type? Do you have Elasticsearch secured as you are specifying https? If so, please provide some details.
