Logstash not creating indexes

Elastic Stack Logstash
1

Hi team,
i am new and trying to a new setup and trying to setup for snmptraps.

conf file:
input {
snmptrap {
type => "traps"
community => "public"
host => "0.0.0.0"
port => 1062
codec => "collectd"
yamlmibdir => "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/snmp-1.2.0/data/ruby/snmp/mibs"
}
}
filter {
ruby {
code => "event['time_difference']= (Time.parse(event['received_at']).to_i) - (Time.parse(event['@timestamp']).to_i)"
}
}
output {
elasticsearch {
hosts => ['localhost:9200']
}
stdout {
codec => rubydebug { metadata => true }
}
}

Logstash log message output:
[2017-05-31T13:54:31,703][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[2017-05-31T13:54:31,707][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://localhost:9200/, :path=>"/"}
[2017-05-31T13:54:31,794][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>#<URI::HTTP:0x26f05a5 URL:http://localhost:9200/>}
[2017-05-31T13:54:31,796][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2017-05-31T13:54:31,843][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword"}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2017-05-31T13:54:31,848][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<URI::Generic:0x648457f6 URL://localhost>]}
[2017-05-31T13:54:31,851][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
[2017-05-31T13:54:32,043][INFO ][logstash.pipeline ] Pipeline main started
[2017-05-31T13:54:32,096][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

but nothing gets created..

Any suggestion?

regards
CS

2

make sure that you put stdout { codec => rubydebug } in the output section. such as this

> output {                                                        #The output section tells where the output will go
>     elasticsearch{                                              #Output will be going to elasticsearch  
>       hosts => ["elasticsearch:9200"]                           
>       index => "finalindex"                              #name of the index that the output will be stored
>     }
>     stdout { codec => rubydebug }                               #Outputs the contents of the message to the command prompt
> }

if you still arent getting any output then you likely have an issue with how you are getting your input

3

Hi Jaxon,
Thanks for your reply, will check that now.
Regards
CS

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.