Logstash doesn't communicate with Elasticsearch

Elastic Stack Logstash
1

Hi,

"I'm novice in Elastic Stack !!! "

My Elasticsearch and Kibana on Linux Ubuntu working well. I receive log from beats but my logstash seems to do not communicate with elasticsearch.

Logstash on my server shoud read directly log files on server.

Could you please help me.

Regards

my conf in /etc/logstash/conf.d is :

input {
file {
path => ["/var/log/*"]
type => "syslog"
}
}

filter {
}

output {
elasticsearch {
hosts => ["localhost:9200"]
stdout { codec => rubydebug { metadata => true }
}

2

Is Logstash reading any logs at all? Comment out your elasticsearch filter and use only your stdout output to find out. Have you looked in your Logstash log for clues about any ES connection problems?

3

Thank you for replying.

I changed my conf into :

input {
file {
path => ["/var/log/*"]
type => "syslog"
}
}

filter {
}

output {
stdout { }
}

but still noting happed.

in my log

/usr/share/logstash/logs/logstash-plain.log

I have repeatedly these two lines :

[2018-02-05T15:23:55,483][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}

[2018-02-05T15:23:55,489][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}

Regards

4

Does the Logstash process have permissions to read the files in /var/log? Are those files changing at any point?

5

Hi Magnus,

yes, I has the permission to read the logs.
As the server is for Elastic Stack product validation, there is not lots of logs. But in any case, I should be able to see the old entries in Kibana.

could you please tell also me why I have repeaded logs in
/usr/share/logstash/logs/logstash-plain.log

as folow :

[2018-02-06T11:57:10,664][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2018-02-06T11:57:10,666][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}

Which communication protocol is used between logstash and lesaticsearch ?

Many thanks

6

But in any case, I should be able to see the old entries in Kibana.

Not without start_position => "beginning" in the file input configuration.

Which communication protocol is used between logstash and lesaticsearch ?

HTTP.

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.