Logstash not shipping data to Elasticsearch

Rios · February 25, 2023, 6:48pm

logstash.yml - parameters related how will LS run, batch size, log info/debug/..., xpack settings etc.
syslog.conf - configuration related to data processing - input, filter, output.

As always said, and again... add debug in output:

output {
    elasticsearch {
      hosts => ["http://server:9200"]
      index => "indexname"
    } 

    stdout {codec => rubydebug}
}

Check is there any data displayed in the command line. Start LS as process not as service.
Check does your data come to LS
curl http://localhost:9200/_nodes/stats/pipelines?pretty
If there is no data, make another syslog-nofiltering.conf

input { ... same, copy from /etc/logstash/conf.d/syslog.conf ... }
filter {} # emty, no filtering
output { stdout {codec => rubydebug} }

Use tcpdump to dump network data for your port.

Topic		Replies	Views
Logstash not able to pass data to elasticsearch Elasticsearch	5	1550	July 5, 2017
Logstash does not output to ES Logstash	4	655	January 15, 2020
Filebeat pushs syslog logs to elasticsearch through Logstash Beats filebeat	4	1068	November 22, 2019
[Docker] Logstash not sending any data to elasticsearch Logstash	1	430	June 22, 2019
How to send data via Logstash Logstash	11	1507	December 28, 2021

Logstash not shipping data to Elasticsearch

Related topics