Logstash not getting log files properly

DharaniKumar · March 31, 2017, 9:07am

Kibana is not showing any of my logs. Im having this in my logstash config file

logstash-syslog.conf :

input {
file
{
#port => 5044
path => [ "/var/log/*.log", "/var/log/syslog" ]
type => "syslog"
#ssl => true
#ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
#ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}

filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}

output {
elasticsearch { hosts => ["localhost"] }
stdout { codec => rubydebug }
}

magnusbaeck · March 31, 2017, 11:37am

Does the Logstash process have permission to read /var/log/syslog?
Have new lines been added to /var/log/syslog since you started Logstash the first time?
Is there anything in the Logstash logs indicating that it's having problems talking to Elasticsearch?

system · April 28, 2017, 11:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash not getting any syslog Logstash	11	2970	July 6, 2017
Config Logstash for Syslog Logstash	5	1328	April 4, 2017
No results found in Kibana Logstash	14	6828	July 6, 2017
Syslog data that is going into logstash not being picked up by elasticsearch Logstash	3	267	November 5, 2020
Logstash not able to create index Logstash	20	1439	August 12, 2020

Logstash not getting log files properly

Related topics