Hi,
I have installed ELK 5.2.2 and x-pack 5.2.2.
After installing x-pack, the logstash-* index is not getting created.
The logstash.conf file is as below:

    input {
      lumberjack {
        port => 5044
        type => "logs"
        ssl_certificate => "key_path"
        ssl_key => "key_path"
      }
    }
    filter {
      if [type] == "syslog" {
        grok {
          match => { "message" => "%{SYSLOGLINE}" }
        }
        mutate {
          split => { "message" => "~" }
        }
        json {
          source => "message"
        }
        date {
          match => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
        }
      }
    }
    output {
      elasticsearch {
        hosts => ":9200"
        index => "logstash-%{+YYYY.MM.dd}"
        user => "logstash_user"
        password => ""
      }
      stdout { codec => rubydebug }
    }

logstash_user belongs to the roles logstash_reader and logstash_writer:

    curl -u logstash_user 'http://:9200/_xpack/security/_authenticate?pretty=true'
    Enter host password for user 'logstash_user':
    {
      "username" : "logstash_user",
      "roles" : [
        "logstash_system",
        "logstash_reader",
        "logstash_writer",
        "monitoring_user",
        "superuser",
        "reporting_user"
      ],
      "full_name" : "Internal Logstash User",
      "email" : "",
      "metadata" : { },
      "enabled" : true
    }

I have done all possible steps that are present in the link below:
https://www.elastic.co/guide/en/x-pack/5.2/logstash.html
Logstash is not parsing the log and is also not creating the logstash-* index. logstash-forwarder is installed to forward the logs to Logstash.
Can you please help me understand this issue?