MdRashid
(Rashid)
June 29, 2021, 12:08pm
1
Hi All,
Im new to ELK i have config ELK in ubuntu as a docker container when i check kibana URL No Elasticsearch indices match your pattern.
Note: - My VM is store in google cloud
Here is my logstash.conf file
input {
tcp {
port => 5044
# syslog_field => "syslog"
# path => /var/log/syslog
type => syslog
codec => "json"
}
}
## Add your filters / logstash plugins configuration here
output {
elasticsearch {
hosts => "elasticsearch:9200"
user => "xxxx"
password => "xxxxxx"
}
# stdout { codec => rubydebug }
}
I dont know to write logstash.conf as input . Please help me out
rugenl
(Len Rugen)
June 29, 2021, 12:19pm
2
Your elasticsearch output section needs to specify the target index. Look in Kibana index management or monitoring, there may be an index "logstash*" or some other default name.
MdRashid
(Rashid)
June 29, 2021, 2:29pm
3
can u send me any link related to question or any example ...im looking in google but didnt getting it
MdRashid
(Rashid)
June 29, 2021, 2:50pm
4
i look in kibana but didnt find any logstash name or any default name
rugenl
(Len Rugen)
June 29, 2021, 3:33pm
5
This link :
elasticsearch {
hosts => ["localhost:9200"]
index => "squid-%{+YYYY.MM.dd}"
manage_template => true
template => "/home/logstash/squid_mapping.json"
template_name => "squid_template"
}
Change the index name to fit yours. You should be getting logstash errors if logstash is receiving data but not sending it.
MdRashid
(Rashid)
June 29, 2021, 4:43pm
6
thats output section i want input section first to be work in logstash.conf file
rugenl
(Len Rugen)
June 29, 2021, 9:16pm
7
[Remote syslog to Logstash – Halon ](https://syslog input example)
If you use a low port, logstash will have to have privileges.
Hi folks,
Why not rely on the actual logstash documentation page?
That should basically help to answer all your questions.
Best
André
system
(system)
Closed
July 27, 2021, 10:26pm
9
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.