MdRashid
June 29, 2021, 12:08pm
1
Hi All,
Im new to ELK i have config ELK in ubuntu as a docker container when i check kibana URL No Elasticsearch indices match your pattern.
Note: - My VM is store in google cloud
Here is my logstash.conf file
input {
tcp {
port => 5044
# syslog_field => "syslog"
# path => /var/log/syslog
type => syslog
codec => "json"
}
}
## Add your filters / logstash plugins configuration here
output {
elasticsearch {
hosts => "elasticsearch:9200"
user => "xxxx"
password => "xxxxxx"
}
# stdout { codec => rubydebug }
}
I dont know to write logstash.conf as input . Please help me out
rugenl
June 29, 2021, 12:19pm
2
Your elasticsearch output section needs to specify the target index. Look in Kibana index management or monitoring, there may be an index "logstash*" or some other default name.
MdRashid
June 29, 2021, 2:29pm
3
can u send me any link related to question or any example ...im looking in google but didnt getting it
MdRashid
June 29, 2021, 2:50pm
4
i look in kibana but didnt find any logstash name or any default name
rugenl
June 29, 2021, 3:33pm
5
This link :
elasticsearch {
hosts => ["localhost:9200"]
index => "squid-%{+YYYY.MM.dd}"
manage_template => true
template => "/home/logstash/squid_mapping.json"
template_name => "squid_template"
}
Change the index name to fit yours. You should be getting logstash errors if logstash is receiving data but not sending it.
MdRashid
June 29, 2021, 4:43pm
6
thats output section i want input section first to be work in logstash.conf file
rugenl
June 29, 2021, 9:16pm
7
[Remote syslog to Logstash – Halon ](https://syslog input example)
If you use a low port, logstash will have to have privileges.
Hi folks,
Why not rely on the actual logstash documentation page?
Best
André
