Logstash not getting log files properly

Kibana is not showing any of my logs. I have this in my Logstash config file:

logstash-syslog.conf:

input {
  file {
    #port => 5044
    path => [ "/var/log/*.log", "/var/log/syslog" ]
    type => "syslog"
    #ssl => true
    #ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    #ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}

filter {
  if [type] == "syslog" {
    grok {
      # The optional [pid] after the program name needs escaped brackets
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  elasticsearch { hosts => ["localhost"] }
  stdout { codec => rubydebug }
}

  • Does the Logstash process have permission to read /var/log/syslog?
  • Have new lines been added to /var/log/syslog since you started Logstash the first time?
  • Is there anything in the Logstash logs indicating that it's having problems talking to Elasticsearch?
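
The three checks from the reply above, written as a shell script. This is an added example, not part of the original thread. It assumes Logstash runs as user "logstash" under a systemd unit named "logstash", logs to /var/log/logstash/logstash-plain.log, and that GNU stat and date are available.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: Logstash runs as user
# "logstash" under a systemd unit "logstash" and logs to
# /var/log/logstash/logstash-plain.log; GNU stat/date are available.

# 1. Can USER read FILE? Checking another user needs passwordless sudo.
readable_by() {
    if [ "$1" = "$(id -un)" ]; then
        [ -r "$2" ]
    else
        sudo -n -u "$1" test -r "$2"
    fi
}

# 2. Was FILE modified after EPOCH (e.g. the time Logstash started)?
modified_since() {
    [ "$(stat -c %Y "$1")" -gt "$2" ]
}

# 3. Count WARN/ERROR lines in LOGFILE that mention Elasticsearch.
es_error_count() {
    grep -Eic '\[(WARN|ERROR) *\].*elasticsearch' "$1" || true
}

run_checks() {
    user=${LS_USER:-logstash}
    log=${LS_LOG:-/var/log/logstash/logstash-plain.log}
    # Service start time in epoch seconds; stays 0 if systemd cannot report it.
    started=$(systemctl show logstash -p ActiveEnterTimestamp --value 2>/dev/null)
    since=0
    [ -n "$started" ] && since=$(date -d "$started" +%s)
    for f in /var/log/syslog /var/log/*.log; do
        readable_by "$user" "$f" || echo "NOT READABLE by $user: $f"
    done
    modified_since /var/log/syslog "$since" ||
        echo "no new lines in /var/log/syslog since Logstash started"
    echo "Elasticsearch warnings/errors in $log: $(es_error_count "$log")"
}

# Run against the live system only when asked: sh check.sh --run
if [ "${1:-}" = "--run" ]; then run_checks; fi
```

On Debian and Ubuntu, /var/log/syslog is typically mode 640 and owned by syslog:adm, so a failure in the first check usually means the Logstash user is not in the adm group. Adding that group membership keeps the service unprivileged, unlike running Logstash as root.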
