Hello ,
I am newbie in ELK.This is the first time I am working on ELK .I want to know how to import syslog data into Logtash and then see that data in Kibana.
Sample events looks like below.
date/time host process PID message
Dec 5 06:26:01 s-login-01 CRON[1525214]: pam_unix(cron:session): session opened for user xyz by (uid=0)
Dec 5 06:30:01 s-login-01 cron[1525865]: sendmail: server message: 501 5.1.3 Invalid address
How to write the syslog.conf. and also if I download a log file and upload via UI of Kibana what override settings should I make
path : /project-admin/s-backup/admin/logs/s-login-01/syslog/
Please explain or write in details as I am new to ELK.
Thanks in Advance