i have foldre full of log file and my logstash config is :
input {
file {
path => "/home/adanic/kilid-logs/*.log"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "kilidLog-%{+YYYY.MM.dd}"
document_type => "%{type}"
}
}
output {
stdout { codec => rubydebug}
}
i can see all log data in terminal but in kibana i cannot create new index pattern .where is my mistake?
What do Logstash logs say? And did you try telnet to elasticsearch server?(if it’s a different server)
in terminal, i can see the logstash read file completely . and logstash ,kiibana and elasticsearch are install on one server
index => "kilidLog-%{+YYYY.MM.dd}"
Index names can't contain uppercase characters. I'd be surprised if there wasn't anything about this in the Logstash log.
To add on to what magnusbaeck is saying, you cannot create an index in Elasticsearch with uppercase letters either. When trying to create an index with uppercase letters in ES, you immediately get an error stating that index was not created because it cannot contain uppercase letters.
Even if you correct this issue by changing it to lowercase in LogStash, you still must specify an index template within ES when creating an index or none of your data will be able to be used in Kibana for visualizations, meaning your data is analyzed. Only data that is not analyzed can be used for visualizations within Kibana (as annotated by the "*.raw" fields). You could modify the default index template, but it can be difficult to create a template that meets the needs of all of data you are using with Elastic Stack.
thanks the problem solved
thanks i change it an problem solved
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.