Logstash is not creating index in Elasticsearch

Hello,

I am running the ELK stack in a Docker container. Everything is working fine.

However, I am having an issue with Logstash: whenever I use an input of type file and provide a path to my logfile, Logstash is not creating an index in the Kibana UI.
But when I use stdin as the input type, it creates the index; the only issue is with the file input type.

I checked that Logstash has permission to access the logfile.

My pipeline example is as below.

```
input {
  file {
    type => log
    path => ["/data/logstash/nginx-error.log"]
    start_position => "beginning"
    sincedb_path => "/dev/null"
#    ignore_older => 0
  }
}

output {
  elasticsearch {
    hosts => ["https://elasticsearch-node1:9200"]
    user => "admin"
    password => "admin"
    action => "create"
    index => "index_nginx-test-%{+YYYY.MM.dd}"
    ssl => false
    ssl_certificate_verification => false
  }
}
```


Please suggest if I am missing anything or the configuration is not correct.

Hi @ravis85

Welcome to the community!

Did you check if the logs are being captured correctly on stdout? Maybe it is not creating the index because the logs are not being captured.

You can test by including in the output:

    output {
      stdout { codec => json }
    }

If everything is OK, check the Logstash logs to see if there is any problem communicating with Elasticsearch.
