Logstash not getting log files properly

DharaniKumar · March 31, 2017, 9:07am

Kibana is not showing any of my logs. Im having this in my logstash config file

logstash-syslog.conf :

input {
file
{
#port => 5044
path => [ "/var/log/*.log", "/var/log/syslog" ]
type => "syslog"
#ssl => true
#ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
#ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}

filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}

output {
elasticsearch { hosts => ["localhost"] }
stdout { codec => rubydebug }
}

magnusbaeck · March 31, 2017, 11:37am

Does the Logstash process have permission to read /var/log/syslog?
Have new lines been added to /var/log/syslog since you started Logstash the first time?
Is there anything in the Logstash logs indicating that it's having problems talking to Elasticsearch?

system · April 28, 2017, 11:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Config Logstash for Syslog Logstash	5	1328	April 4, 2017
Syslog data that is going into logstash not being picked up by elasticsearch Logstash	3	267	November 5, 2020
Logstash not able to create index Logstash	20	1437	August 12, 2020
General Help Logstash	3	243	May 21, 2020
Having problem getting syslog to show on Elasticsearch Logstash	5	791	June 15, 2021

Logstash not getting log files properly

Related Topics