Good, I'm trying to visualise where the ips of the apache logs that I receive come from, but when I click on the map I get the message that I don't have the index pattern, any idea?
input {
beats {
port => 5044
}
}
filter {
grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }
geoip { source => "clientip" }
}
output {
elasticsearch {
hosts => ["http://192.168.14.82:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}"
}
}
What version are you on?
If older like 7.10 did you refresh the index pattern?
Go to Stack Management-> Index pattern and refresh the pattern
Did you create a mapping with those fields?
I'm on version 7.9.2 I just refreshed the index, but when I go to Maps->Add layer->Point to point when it asks me for the index it tells me that there is no option available.
If I were you I would use the filebeat apache module directly and skip logstash it is not needed (you can use it but it is not required) The Apache module will do all the parsing and geoip etc
I would clean up everything and start over....
Basically follow these steps but use the apache module
Point the filebeat config directly at Elasticsearch and kibana
Once you get that working try using the "Documents" Options on the Map
If you get all that working come back and I will show you how to pass it through logstash if you still want to .
thank you very much it is working
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
