Не появляется индекс в index pattern

Elastic In Your Native Tongue Вопросы на русском языке
1

Здравствуйте. Подскажите куда копать. Уже переустановил kibana elastic и logstash. А началось все с того что захотел очистить базу (индексы) и освободить место.
В общем не могу добавить свой индекс в виндовс сервера.
Мои настройки
winlogbeat:

winlogbeat.event_logs:
- name: ForwardedEvents
  forwarded: true
 # ignore_older: 72h
tags: ["winsrvad"]
output.logstash:
  hosts: ["10.50.2.2:5044"]
#logging.level: info
#logging.to_files: true
logging.files:
  path: C:\Program Files\winlogbeat

В кибане только
server.host: "10.50.2.2"

logstash:
filter

filter {
    if "winsrvad" in [tags] {
	if [winlog][event_id] != "5136" and [winlog][event_id] != "5139" and [winlog][event_id] != "5141" and [winlog][event_id] != "5137" and [winlog][event_id] != "4741" and [winlog][event_id] != "4742" and [winlog][event_id] != "4743" and [winlog][event_id] != "4720" and [winlog][event_id] != "4721" and [winlog][event_id] != "4722" and [winlog][event_id] != "4723" and [winlog][event_id] != "4724" and [winlog][event_id] != "4725" and [winlog][event_id] != "4726" and [winlog][event_id] != "4738" and [winlog][event_id] != "4740" and [winlog][event_id] != "4767" and [winlog][event_id] != "4781" and [winlog][event_id] != "4794" and [winlog][event_id] != "1102" and [winlog][event_id] != "4744" and [winlog][event_id] != "4744" and [winlog][event_id] != "4745" and [winlog][event_id] != "4746" and [winlog][event_id] != "4747" and [winlog][event_id] != "4748" and [winlog][event_id] != "4749" and [winlog][event_id] != "4750" and [winlog][event_id] != "4751" and [winlog][event_id] != "4752" and [winlog][event_id] != "4753" and [winlog][event_id] != "4759" and [winlog][event_id] != "4760" and [winlog][event_id] != "4761" and [winlog][event_id] != "4762" and [winlog][event_id] != "4727" and [winlog][event_id] != "4728" and [winlog][event_id] != "4729" and [winlog][event_id] != "4730" and [winlog][event_id] != "4731" and [winlog][event_id] != "4732" and [winlog][event_id] != "4733" and [winlog][event_id] != "4734" and [winlog][event_id] != "4735" and [winlog][event_id] != "4736" and [winlog][event_id] != "4737" and [winlog][event_id] != "4754" and [winlog][event_id] != "4755" and [winlog][event_id] != "4756" and [winlog][event_id] != "4757" and [winlog][event_id] != "4758" and [winlog][event_id] != "4764" and [winlog][event_id] != "4776" and [winlog][event_id] != "4625" {
	drop { }
	}
    }
}

input:

input {
beats {
port => 5044
      }

filter:

output {
    else if "winsrvad" in [tags] {
        elasticsearch {
            hosts     => "localhost:9200"
            index    => "winsrvad-%{+YYYY.MM.dd}"
            user     => Logstash
            password => xxxxxxxx
        }
    }
}

Вроде все стандратно.
Должен быть winsrvad*

1
11184×287 24.4 KB

2
2876×386 28.6 KB

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.