Hello
I have just installed ELK on my Linux Debian, and I can access Kibana.
But I just seem to get "No results found" :(. I have configured a FortiGate firewall and a Juniper switch to syslog everything to the server.
But still I can't see anything. Are there any logs that I can check to find information regarding this?
/var/log/logstash.err is empty; logstash.log is showing:
{:timestamp=>"2015-12-21T13:41:32.792000+0100", :message=>"SIGTERM received. Shutting down the pipeline.", :level=>:warn}
{:timestamp=>"2015-12-21T14:21:33.948000+0100", :message=>"SIGTERM received. Shutting down the pipeline.", :level=>:warn}
cat logstash.stdout
Sending logstash logs to /var/log/logstash/logstash.log.
Hello
I can't seem to find where I can change the logging to debug. I would think that it would be /etc/logstash/conf.d, but my syslog.conf is only showing:
filter {
  if [type] == "syslog" {
    grok {
      # The brackets around the optional PID must be escaped to match literally.
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
Where can I change the logging to be on debug?
Thank you
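
Added example, not part of the original posts or of Logstash itself: a Python approximation of what the filter above does to an event, run over constructed sample lines. The regex pieces are simplified stand-ins for the grok patterns, and the hostnames, addresses and messages are assumptions made up for illustration.

```python
import re

# Simplified stand-ins for the grok patterns named in the filter (assumption:
# the real Logstash definitions are broader, e.g. SYSLOGHOST also accepts IPv6).
SYSLOG_RE = re.compile(
    r"(?P<syslog_timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<syslog_hostname>[\w.-]+) "
    r"(?P<syslog_program>.*?)"
    r"(?:\[(?P<syslog_pid>[1-9]\d*)\])?: "
    r"(?P<syslog_message>.*)"
)


def apply_filter(event):
    """Mimic the filter: only events with type == "syslog" are parsed."""
    if event.get("type") != "syslog":
        return event  # the conditional leaves every other event untouched
    m = SYSLOG_RE.search(event["message"])
    if m is None:
        # grok tags events it cannot parse instead of dropping them.
        event.setdefault("tags", []).append("_grokparsefailure")
        return event
    # Like grok, only add the fields that actually captured something.
    event.update({k: v for k, v in m.groupdict().items() if v is not None})
    event["received_from"] = event.get("host")  # add_field runs only on a match
    return event


# Constructed sample events, not taken from the thread.
SAMPLES = [
    {"type": "syslog", "host": "10.0.0.2",
     "message": "Dec 21 13:41:32 sw01 sshd[2211]: Accepted publickey for admin"},
    {"type": "syslog", "host": "10.0.0.2",
     "message": "Dec  1 03:04:05 sw01 mgd: commit complete"},
    # key=value style line that does not follow the classic syslog layout
    {"type": "syslog", "host": "10.0.0.1",
     "message": "date=2015-12-21 time=13:41:32 devname=fw01 type=traffic"},
    # no "type" field set by the input, so the filter never runs
    {"host": "10.0.0.1", "message": "Dec 21 13:41:32 fw01 test: no type set"},
]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(apply_filter(dict(ev)))
```

Events that fail the pattern or lack the "syslog" type are still passed on, only without the parsed fields.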
Hello
You were correct, good sir: /etc/default. I found the logstash file.
Am I correct to assume that I can add a level like "#level: debug"? Or is this incorrect?
Hello
I have edited the LS_OPTS to show #LS_OPTS="--debug". But even after restarting logstash as a service, I don't see anything in logstash.err, logstash.log or logstash.stdout. I can't seem to find a separate debug log either.
Have I missed something?