Index creating through logstash and show on kibana index pattern

bharti · August 17, 2023, 6:56am

Hello ,
I need a help on configuration of logstash output section....i want to create an index and fetch some particular logs on that index...whenever am creating a new index it is not showing on kibana

output {
  if "/var/log/abcd.log" in [log][file][path] {
        elasticsearch {
        hosts => ["http://localhost:9200"]
        index => "abcd-%{+YYYY.MM.dd}"
        manage_template => false
        pipeline => "%{[@metadata][pipeline]}"
        }
  } else {
        elasticsearch {
        hosts => ["http://localhost:9200"]
        index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
        }
  }
}

here is my recent configuration

Rios · August 17, 2023, 7:50am

Check what is the [log][file][path] value
Try with:
if [log][file][path] == "/var/log/abcd.log" { ...

bharti · August 17, 2023, 8:20am

not working

bharti · August 18, 2023, 5:09am

do i need to change something on filebeat.yml too?

Rios · August 18, 2023, 7:05pm

You don't need to change anything, [log][file][path] is in LS as well as in FB.
Please use ruby debug in the output to check the [log][file][path] value:

output {
   stdout { codec => rubydebug{ } }
...
}

bharti · August 22, 2023, 7:05am

My index is creating after a very long time...like I created an index on 18th of August and it is showing on Kibana today i.e: 22nd of August
so let me know if it is okay that it is taking time to load the index on Kibana.

Topic		Replies	Views
How send the log to different index in Kibana Logstash	6	689	May 11, 2020
Index logstash in kibana Logstash	5	2290	April 25, 2017
Send Logstash logs to Kibana remote server Kibana	6	2034	August 4, 2020
Seems that Logstash stop shipping logs to ES / Problem into the logstash config Logstash	14	804	June 26, 2019
Kibana index is not showing Logstash	2	336	December 6, 2019

Index creating through logstash and show on kibana index pattern

Related topics