I'm pretty new to the ELK stack and have been tasked with using ELK Stack and BlueLiv Threat Intelligence Community. I have my basic setup configured for all ELK components; they start and whatnot. However, when I attempt to use my configuration for the BlueLiv community, I get the following error in my /var/log/logstash/logstash-plain.log file:
[2016-11-08T13:49:51,483][ERROR][logstash.agent ] fetched an invalid config {:config=>"input { \n blueliv {\n api_url => "https://freeapi.blueliv.com" \n http_timeout => 1000 \n api_key => "KEYREMOVED"\n feeds => {\n "b$
My configuration follows the documentation at https://github.com/Blueliv/ with my .conf file configured like so:
input {
  blueliv {
    api_url => "https://freeapi.blueliv.com"
    http_timeout => 1000
    api_key => "KEYREMOVED"
    feeds => {
      "botips" => {
        "active" => true
        "feed_type" => "non_pos"
      }
      "crimeservers" => {
        "active" => true
        "feed_type" => "all"
      }
    }
  }
}
output {
  elasticsearch {
    hosts => "localhost"
    index => "blueliv-%{@collection}"
    manage_template => false
    document_id => "%{_id}"
  }
}
Not really sure what the issue is. I thought maybe I had an extra } in place, but I tried to match every bracket together and didn't notice any out of place. Anything you can provide to help out would be most appreciated!! I just can't seem to figure out what the issue is here. If it helps, the URL from BlueLiv to set up ELK stack is available at: https://github.com/Blueliv/elk-config-examples/blob/master/documentation.pdf
Just in case, I was able to install the BlueLiv plugin for LogStash, no problem.