Hello guys, I'm a newbie to ELK and I was trying to connect Logstash to Kibana/Elastic with my own configuration. Logstash seems to be running, but Kibana can't see any data when I try to create an index pattern. Here is my logstash.conf file:
input {
  file {
    path => "/var/log/messages"
    tags => "smidz"
  }
}
filter {
  if "smidz" in [tags] {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:time} %{SYSLOGHOST:host} %{DATA:program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:message}" }
      overwrite => [ "message" ]
      add_field => { "index_nr" => "111111,222222" }
    }
    if "_grokparsefailure" in [tags] {
      drop {}
    }
  }
}
output {
  if "smidz" in [tags] {
    elasticsearch {
      hosts => "localhost"
      index => "example_%{tags}"
    }
  }
  stdout {}
}
I'm using the "sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf" command to start Logstash. It seems to be working; however, Kibana displays that I don't have any data.