I am very new to ILK stack. I am forwarding syslog messages from my routers and switches to Logstash and want to see those in Kibana. When I am trying to add index pattern named logstash-* from Kibana portal it's not showing any index named with the logstash-*. Can anyone help me to resolve this issue. My logstash file config is given below:
#Specify listening port for incoming logs from the beats
input {
beats {
port => 5044
}
}
Used to parse syslog messages and send it to Elasticsearch for storing
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGLINE}" }
}
date {
match => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
Specify an Elastisearch instance
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
This will be creating index names based on the Beat that is sending the data. You can check this by using the _cat/indices?v API and see what indexes live in Elasticsearch.
Thanks for your reply. Can you please let me know the procedure to create index pattern for syslog. From the above logstash configuration I am forwarding syslog to port 5044 and I want to see those logs in Kibana portal. After lots of searching I found that I need to create index pattern named logstash-* to see the syslog messages. But I can't found any pattern named logstash-*. Please help me to resolve this issue.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
