Logstash not uploading data on ES

niraj_pandey · February 9, 2018, 6:27am

Hi,

I have created a template and now using logstash to push the data on elasticsearch.
And I see it's created the index but not uploaded the data. Any idea ?

Here is template:

PUT _template/ltemplsbacct
{
"index_patterns": ["lsbacct*","new_lsbacct*","lsbacct_new*","acct*","abc*"],
"settings": {
"number_of_shards": 1
},
"mappings": {
"type1": {
"_source": {
"enabled": false
},

"properties": {
      "@timestamp": {
        "type": "date"
      },
      "@version": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }
      },
      "CWD": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }

} }
}

Here is input.conf and output.conf

input.conf:

input {
file {
path => "/tmp/t.txt"
start_position => "beginning"
type => 'acct'
tags => ["acct"]
add_field => {"cluster" => "xyz" }
}

output.conf:

output {
if [type] == "lsbacct"{
elasticsearch {
hosts => "localhost:9200"
index => "acctlsb-%{+YYYY.MM.dd}"
}
#stdout{}
}

filte.conf is empty

niraj_pandey · February 9, 2018, 6:28am

While the same is working perfect if I do this without using template

magnusbaeck · February 9, 2018, 7:34am

Have you looked in the Logstash log for clues?

niraj_pandey · February 9, 2018, 8:17am

Got it. Found the clue from elasticsearch logs.
My mapping was carrying more than one type

But now facing another issue. On kibana Discover page under Available Fields all the fileds are not visible , while i can see those field under visualize when creating some graph.

system · March 9, 2018, 8:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.