Logstash can't connect to Elasticseach


(Sanka Ryo) #1

Hello
Now i had build ELK in centos 7 (6.1.2)
Kibana, Elasticsearch and Logstash are running.
But when i config logstash in ELK like that:

input {
snmptrap {
community => "public"
type => "snmptrap"
host => "0.0.0.0"
port => 1062
}
}

output {
elasticsearch {
hosts => ["http://192.168.1.150:9200"]
}
}

And i see Logstash's log:

[2018-11-18T21:01:42,542][INFO ][logstash.pipeline ] Pipeline has terminated {:pipeline_id=>"main", :thread=>"#<Thread:0x46580b28 run>"}
[2018-11-18T21:02:30,076][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.5.0"}
[2018-11-18T21:02:35,937][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2018-11-18T21:02:37,207][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>, :added=>[http://192.168.1.150:9200/]}}
[2018-11-18T21:02:37,236][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.1.150:9200/, :path=>"/"}
[2018-11-18T21:02:37,692][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://192.168.1.150:9200/"}
[2018-11-18T21:02:37,828][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>6}
[2018-11-18T21:02:37,833][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>6}
[2018-11-18T21:02:38,025][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://192.168.1.150:9200"]}
[2018-11-18T21:02:38,125][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2018-11-18T21:02:38,194][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2018-11-18T21:02:38,204][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x2d0e348a run>"}
[2018-11-18T21:02:38,339][INFO ][logstash.inputs.snmptrap ] It's a Trap! {:Port=>1062, :Community=>["public"], :Host=>"0.0.0.0"}
[2018-11-18T21:02:38,357][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}
[2018-11-18T21:02:39,178][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

But when i see index pattern on Kibana, i don't see anything...
Pleass help me... thanks...