Running an ELK Stack on Ubuntu Server 16 - Logstash 2.2.4 service is active, so it seems to load fine. When I run "sudo service logstash configtest", my output is this:
Error: Expected one of #, input, filter, output at line 1, column 1 (byte 1) after {:level=>:error}
02-file-input.conf

    input {
      file {
        path => [ "var/log/syslog.log" ]
        type => "syslog"
      }
    }

10-syslog-filter.conf

    filter {
      if [type] == "syslog" {
        grok {
          match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
          add_field => [ "received_at", "%{@timestamp}" ]
          add_field => [ "received_from", "%{host}" ]
        }
        date {
          match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
        }
      }
    }

30-elasticsearch-output.conf

    output {
      elasticsearch { hosts => ["localhost:9200"] }
      stdout { codec => rubydebug }
    }

I'm thinking this is why I can't create a logstash index in Kibana (Unable to fetch mapping. Do you have any indices matching the pattern?)
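
An added diagnostic, not part of the original post: the error above refers to byte 1 of the configuration as Logstash assembles it, and when Logstash is pointed at a directory it reads every file in that directory, so this check reports what each file begins with. The function names and the status words (`ok`, `bom`, `empty`, `unexpected`) are made up for this example, and the keyword match is a heuristic, not the Logstash parser.

```shell
#!/bin/sh
# Added example: report what a config parser would meet first in each file.
# Output: one line per file, "<status> <path>".
#   ok         first meaningful line starts with input, filter or output
#   bom        file starts with a UTF-8 byte-order mark (EF BB BF)
#   empty      file holds only blank lines and # comments
#   unexpected first meaningful line starts with something else

check_conf_file() {
    f=$1
    # A byte-order mark sits in front of the first keyword and is invisible in most editors.
    if [ "$(head -c 3 "$f" | od -An -tx1 | tr -d ' \n')" = "efbbbf" ]; then
        echo "bom $f"
        return 0
    fi
    # First line that is neither blank nor a # comment, leading whitespace removed.
    first=$(grep -v -E '^[[:space:]]*(#|$)' "$f" | head -n 1 | sed -E 's/^[[:space:]]+//')
    if [ -z "$first" ]; then
        echo "empty $f"
        return 0
    fi
    case $first in
        input*|filter*|output*) echo "ok $f" ;;
        *) echo "unexpected $f" ;;
    esac
}

check_conf_dir() {
    # Every regular file is checked, not only *.conf: editor backups and
    # stray notes in the directory are read along with the real config.
    for f in "$1"/*; do
        if [ -f "$f" ]; then
            check_conf_file "$f"
        fi
    done
    return 0
}

# Usage (the directory is whichever one your logstash service loads):
#   check_conf_dir /path/to/conf.d
```

Any file reported as `bom` or `unexpected` that sorts first in the directory is worth opening in a hex viewer before looking further at the pipeline itself.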