Hello everyone,
I am currently trying a basic test setup with Apache logs on Logstash, but I have a problem: my data only reaches Kibana/Elasticsearch when I run the following command:
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/apache.conf
So the problem is that when I stop this command and Logstash is running normally, I get no errors but no data appears. Another odd thing: in debugging mode, judging from the tutorials I've seen, I should see the data arrive in real time, but that is not the case.
If anyone has an idea.. Btw I'm on version 8.7
Here is my logstash configuration:
root@srv-elk:/etc/logstash/conf.d# cat /etc/logstash/conf.d/apache.conf | grep ^[^#]
# Pipeline: tail the Apache access log, parse each line with the combined-log
# grok pattern, take the event time from the parsed request time, and index the
# result into Elasticsearch over HTTPS, one index per day.
input {
file {
# NOTE(review): the shell prompt in this post is root, so the manual run
# presumably had root's file access. Confirm that the account the Logstash
# service runs under can read this log file.
path => "/var/log/apache2/access.log"
# With start_position commented out the file input uses its default ("end"):
# files not yet tracked in the sincedb are read from the end, so only lines
# appended after startup produce events.
#start_position => "beginning"
#ignore_older => 0
# "NUL" is the Windows null device; the Linux equivalent is "/dev/null".
#sincedb_path => "NUL"
#delimiter => "\r"
}
}
filter {
grok {
#patterns_dir => [ "/etc/logstash/patterns.d"]
# Parse the raw line held in "message" with the stock combined-log pattern.
match => [ "message" , "%{COMBINEDAPACHELOG}" ]
}
date {
# Parse the "timestamp" field (Apache style, e.g. 10/Oct/2000:13:55:36 -0700);
# with no target set, the date filter writes the result to @timestamp.
match => ["timestamp","dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output {
elasticsearch {
hosts => ["https://localhost"]
# NOTE(review): "elastic" is the built-in superuser. A dedicated user limited
# to writing the apache-* indices would keep a leaked pipeline file from
# exposing the whole cluster.
user => "elastic"
# NOTE(review): the password is a plaintext literal in the pipeline file and is
# reproduced in this post. It can be stored in the Logstash keystore and
# referenced as "${ES_PWD}" (ES_PWD is a placeholder key name); a value that
# has been published should be rotated.
password => "ozPpuZ0=ypPMUHJLkobf"
# %{+YYYY.MM.dd} is formatted from the event's @timestamp, which the date
# filter sets from the log line, so each event lands in the index for the day
# it was logged rather than the day it was ingested.
index => "apache-%{+YYYY.MM.dd}"
ssl => true
# CA certificate used to verify the Elasticsearch HTTP certificate.
# NOTE(review): the file sits at the filesystem root; confirm the Logstash
# service account can read it.
cacert => "/http_ca.crt"
}
}
And for elasticsearch:
root@srv-elk:/etc/logstash/conf.d# cat /etc/elasticsearch/elasticsearch.yml | grep ^[^#]
# Single-node Elasticsearch with the security features and TLS enabled on both
# the HTTP and the transport layer.
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
discovery.type: single-node
network.host: "172.16.10.62"
http.port: 9200
# NOTE(review): an empty seed host next to discovery.type single-node looks
# redundant; confirm it can be dropped.
discovery.seed_hosts: [""]
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# NOTE(review): the paste lost its indentation; the two keys that follow
# presumably sit under xpack.security.http.ssl in the real file.
xpack.security.http.ssl:
enabled: true
# Relative paths are resolved against the Elasticsearch config directory.
keystore.path: certs/http.p12
# NOTE(review): as above, the four keys that follow presumably sit under
# xpack.security.transport.ssl.
xpack.security.transport.ssl:
enabled: true
# "certificate" checks that the peer certificate chains to a trusted CA but
# does not check the hostname.
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
# http.host overrides network.host for the HTTP (REST) layer, so the API on
# port 9200 binds to localhost only while the transport layer keeps using
# network.host.
http.host: "localhost"