Logstash not getting log files properly

DharaniKumar · March 31, 2017, 9:07am

Kibana is not showing any of my logs. Im having this in my logstash config file

logstash-syslog.conf :

input {
file
{
#port => 5044
path => [ "/var/log/*.log", "/var/log/syslog" ]
type => "syslog"
#ssl => true
#ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
#ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}

filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}

output {
elasticsearch { hosts => ["localhost"] }
stdout { codec => rubydebug }
}

magnusbaeck · March 31, 2017, 11:37am

Does the Logstash process have permission to read /var/log/syslog?
Have new lines been added to /var/log/syslog since you started Logstash the first time?
Is there anything in the Logstash logs indicating that it's having problems talking to Elasticsearch?

Topic		Replies	Views
Logstash doesn't communicate with Elasticsearch Logstash	6	1069	March 6, 2018
Logstash not getting any syslog Logstash	11	3058	July 6, 2017
Syslog configuration output Logstash	2	621	July 6, 2017
After applied the tutorial "Getting start with Elasticsearch security" Logstash receive Syslog data but Kibana can’t show it Logstash elastic-stack-security	4	391	December 28, 2020
Recieves Syslogdata, but not visibel in Kibana Logstash	5	390	April 3, 2017

Logstash not getting log files properly

Related topics