How to configure syslog (input) in logstash conf file

Hi All,

I'm new to ELK. I have configured ELK on Ubuntu as a Docker container. When I check the Kibana URL, I see "No Elasticsearch indices match your pattern."

Note: My VM is stored in Google Cloud.

Here is my logstash.conf file:

```
input {
        tcp {
                port => 5044
#                syslog_field => "syslog"
#                path => /var/log/syslog
                type => syslog
                codec => "json"
        }
}

## Add your filters / logstash plugins configuration here

output {
        elasticsearch {
                hosts => "elasticsearch:9200"
                user => "xxxx"
                password => "xxxxxx"
        }
#        stdout { codec => rubydebug }
}
```

I don't know how to write the input in logstash.conf. Please help me out.

Your elasticsearch output section needs to specify the target index. Look in Kibana index management or monitoring, there may be an index "logstash*" or some other default name.

Can you send me any link related to the question, or any example? I'm looking on Google but not finding it.

I looked in Kibana but didn't find any logstash name or any default name.

This link:

```
elasticsearch {
 hosts => ["localhost:9200"]
 index => "squid-%{+YYYY.MM.dd}"
 manage_template => true
 template => "/home/logstash/squid_mapping.json"
 template_name => "squid_template"
}
```

Change the index name to fit yours. You should be getting logstash errors if logstash is receiving data but not sending it.

That's the output section. I want the input section to work first in the logstash.conf file.

[Remote syslog to Logstash – Halon](https://syslog input example)

If you use a low port, logstash will have to have privileges.
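A pipeline that combines the two points made in the replies above (an explicit index in the output, and a listener port above 1024 so that Logstash needs no extra privileges), as an added example that is not from any poster in this thread. Port 5514, the `syslog-` index name and the `ES_USER`/`ES_PWD` variable names are assumptions.

```conf
input {
  # The syslog input listens on TCP and UDP and parses RFC3164 lines itself,
  # so no json codec is needed for plain syslog traffic.
  syslog {
    port => 5514          # assumed port; above 1024, so no root needed to bind
    type => "syslog"
  }
}

output {
  elasticsearch {
    hosts    => ["elasticsearch:9200"]
    # Resolved from environment variables or the Logstash keystore
    # instead of plaintext credentials in the file (assumed names).
    user     => "${ES_USER}"
    password => "${ES_PWD}"
    # Explicit daily index; create the Kibana index pattern "syslog-*".
    index    => "syslog-%{+YYYY.MM.dd}"
  }
  # Prints every event to the Logstash log while debugging;
  # remove once events show up in Elasticsearch.
  stdout { codec => rubydebug }
}
```

Because Logstash runs in a Docker container here, the listener port also has to be published on the container and allowed through the cloud firewall. Plain syslog on this listener is unauthenticated and unencrypted, so limit the firewall rule to the hosts that actually send logs.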

Hi folks,

Why not rely on the actual logstash documentation page?
That should basically help to answer all your questions.

Best

André