Kibana not showing data from logstash

BrunoC · June 14, 2017, 1:32pm

Hello,

Kibana is not showing anything from logstash, I can create an index but no data comes out.

{"reason":"match","flags":"none","rule":"5","type":"syslog","ip_ver":"4","sub_rule":"16777216","src_ip":"192.168.0.152","@version":"1","host":"172.17.0.1","tracker":"1000000103","proto_id":"17","action":"block","tos":"0x0","id":"52249","dest_port":"138","direction":"in","geoip":{},"offset":"0","data_length":"182","length":"202","message":"5,16777216,,1000000103,re0,match,block,in,4,0x0,,64,52249,0,none,17,udp,202,192.168.0.152,192.168.0.255,138,138,182","ttl":"64","prog":"filterlog","tags":["firewall","_geoip_lookup_failure"],"src_port":"138","iface":"re0","@timestamp":"2017-06-14T15:30:55.000Z","proto":"udp","dest_ip":"192.168.0.255","evtid":"134"}
{"reason":"match","flags":"none","rule":"5","type":"syslog","ip_ver":"4","sub_rule":"16777216","src_ip":"192.168.0.151","@version":"1","host":"172.17.0.1","tracker":"1000000103","proto_id":"17","action":"block","tos":"0x0","id":"51877","dest_port":"1900","direction":"in","geoip":{},"offset":"0","data_length":"135","length":"155","message":"5,16777216,,1000000103,re0,match,block,in,4,0x0,,1,51877,0,none,17,udp,155,192.168.0.151,239.255.255.250,51984,1900,135","ttl":"1","prog":"filterlog","tags":["firewall","_geoip_lookup_failure"],"src_port":"51984","iface":"re0","@timestamp":"2017-06-14T15:30:56.000Z","proto":"udp","dest_ip":"239.255.255.250","evtid":"134"}

Any idea?

erion · June 14, 2017, 3:23pm

Do you have data in ElasticSearch?

BrunoC · June 14, 2017, 3:55pm

That's what I was asking myself, I guess I don't and I have no idea about Elasticsearch querying.

erion · June 14, 2017, 4:03pm

Kibana display graph of data are in ElasticSearch. Logstash match your data for elasticsearch. this is a very general answere i know but you should read something on web about Elasticsearch, Logstash and kibana. For more questions here we are.

BrunoC · June 15, 2017, 7:48am

There is data in Elasticsearch and it's valid data.

erion · June 15, 2017, 7:51am

In your logstash config file do you set hosts?
Can you publish a copy of your config logstash file?

BrunoC · June 15, 2017, 8:03am

This is the output of my logstash config

output {
    elasticsearch {
        hosts => localhost
        index => "logstash-%{+YYYY.MM.dd}"
    }
    file {
        path => "/var/log/logstash/log-%{+YYYY-MM-dd}.log"
    }
}

erion · June 15, 2017, 8:09am

Change hosts to something like this hosts => ["https://127.0.0.1:9200"]

BrunoC · June 15, 2017, 8:15am

Doesn't change anything, the data gets in Elasticsearch, it just doesn't show in Kibana.

erion · June 15, 2017, 9:24am

Follow this https://www.elastic.co/guide/en/kibana/current/connect-to-elasticsearch.html

BrunoC · June 15, 2017, 9:36am

I'm already doing it that way.

system · July 13, 2017, 9:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.