Logstash data not visible in Kibana

Reszel · June 3, 2021, 1:53pm

Hello guys, I'm newbie to ELK and i was trying to connect Logstash to Kibana/Elastic with my own configuration. Logstash seems to be running, but Kibana can't see any data, when i try to create index pattern. Here is my logstash.conf file

input {
  file {
    path => "/var/log/messages"
    tags => "smidz"
  }
}
 filter {
  if "smidz" in [tags] {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:time} %{SYSLOGHOST:host} %{DATA:program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:message}" }
      overwrite => [ "message" ]
      add_field => {"index_nr" => "111111,222222"}
    }
  if "_grokparsefailure" in [tags] {
    drop{}
  }
 }
}

output {
  if "smidz" in [tags] {
        elasticsearch{
            hosts => "localhost"
            index => "example_%{tags}"
            }
         }
         stdout{}
}

I'm using "sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf" command to start Logstash, it seems to be working, however the kibana display that i don't have any data.

Christian_Dahlqvist · June 3, 2021, 2:03pm

You do not seem to have anything adding smidz as a tag so the output filter would be ignored.

Reszel · June 3, 2021, 2:05pm

Accidently edited code, here it is with previous form:
input {
file {
path => "/var/log/messages"
tags => "smidz"

system · July 1, 2021, 2:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
No logstash data showing up in kibana Kibana	3	300	November 6, 2020
Index not visble in Kibana Kibana	9	379	July 23, 2018
Data not showing in Kibana Kibana	4	5216	June 27, 2017
Not able see data in Kibana? Is Logstash pushing to ES Logstash	8	1164	June 1, 2018
Data not showing in elastic and kibana for one of the index pattern out of three indexes Logstash	4	315	October 31, 2021

Logstash data not visible in Kibana

Related topics