i am trying to monitor some servers in my small-mid network using ELK.
my configuration file:
Blockquote
input{
file{
path => "/opt/experis-cyber/sys-monitor/log/monitor-sys-1507188302096.json"
start_position =>"beginning"
type => "sys"
}
}
filter{
}
output{
elasticsearch {
hosts =>["10.10.20.13:9200"]
index => ["monitor"]
}
stdout {
codec => rubydebug
}
}
Blockquote
logs:
does any one have an idea where is the problem?
Is any data displayed to the ruby debug output?
->If no, then the records were probably already processed and you need to start with new sincedb file, you could add this to the file input to test from scratch :
sincedb_path => "/dev/null"
ignore_older => 0
->If yes, then do you get an error related to the elasticsearch output plugin (comment out the stdout output so you remove the noise). Check that curl -XGET http://10.10.20.13:9200 returns the expected ES cluster data
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.