Logstash Custom file for apache configuration

Elastic Stack Logstash
1

Hi Guys,

I have installed ELK stack on single server and i have created a logstash file for apache server which is running on client server. I have setup the filebeat to read access and error log of apache.

the problem is how will i sure filebeat is reading the custom apache logstash file and there are also msyql logstash file too ?...

when i connect elk stack while enable the logstash in filebeat. this does not make connections. gives me en error like trying to connect backoff ( rsync:http:..). this works with elasticsearch only.

displaying the Apache logstash file.

<
input {
beats {
port => 5044
}
}

output {
if [@metadata][pipeline] {
elasticsearch {
hosts => "http://192.168.185.143:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
pipeline => "%{[@metadata][pipeline]}"

}

} else {
elasticsearch {
hosts => "http://192.168.185.143:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"

}

}
}
/>

Also showing the logstash logs error.

<
[2019-06-27T19:40:26,198][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, => at line 64, column 14 (byte 1312) after output {\n elasticsearch {\n\thosts => ["192.168.185.143:9200"]\n\tsniffing => true\n\tmanage_template => false\n#\tindex => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" #\n index", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:41:in compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:49:incompile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in block in compile_sources'", "org/jruby/RubyArray.java:2577:inmap'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:10:in compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:151:ininitialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:23:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:325:inblock in converge_state'"]}
[2019-06-27T19:40:26,915][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2019-06-27T19:40:31,529][INFO ][logstash.runner ] Logstash shut down.
[root@elasticsearch logstash]#
/>

Please provide me solution asap or give me working apache logstash file.

2

The error message does not match the configuration you posted. The error message has

output {
    elasticsearch {
        hosts => ["192.168.185.143:9200"]
        sniffing => true
        manage_template => false
#        index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" 
        index

That suggests that index is not followed by =>

Please show us the configuration you are using. Select it in the edit panel and click on </> in the toolbar above so that it is blockquoted. Verify in the preview pane on the right that it is formatted correctly.

3

Hi Badger,

I'm trying this apache custom code. can you find if there is any problem in this code ?

apchelo4
apchelo4.png781×783 40.4 KB

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.