Index creating through logstash and show on kibana index pattern

Elastic Stack Elasticsearch
1

Hello ,
I need a help on configuration of logstash output section....i want to create an index and fetch some particular logs on that index...whenever am creating a new index it is not showing on kibana

output {
  if "/var/log/abcd.log" in [log][file][path] {
        elasticsearch {
        hosts => ["http://localhost:9200"]
        index => "abcd-%{+YYYY.MM.dd}"
        manage_template => false
        pipeline => "%{[@metadata][pipeline]}"
        }
  } else {
        elasticsearch {
        hosts => ["http://localhost:9200"]
        index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
        }
  }
}

here is my recent configuration

2

Check what is the [log][file][path] value
Try with:
if [log][file][path] == "/var/log/abcd.log" { ...

3

not working

4

do i need to change something on filebeat.yml too?

5

You don't need to change anything, [log][file][path] is in LS as well as in FB.
Please use ruby debug in the output to check the [log][file][path] value:

output {
   stdout { codec => rubydebug{ } }
...
}
6

My index is creating after a very long time...like I created an index on 18th of August and it is showing on Kibana today i.e: 22nd of August
so let me know if it is okay that it is taking time to load the index on Kibana.

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.