Logstash not uploading data on ES

Elastic Stack Logstash
1

Hi,

I have created a template and now using logstash to push the data on elasticsearch.
And I see it's created the index but not uploaded the data. Any idea ?

Here is template:

PUT _template/ltemplsbacct
{
"index_patterns": ["lsbacct*","new_lsbacct*","lsbacct_new*","acct*","abc*"],
"settings": {
"number_of_shards": 1
},
"mappings": {
"type1": {
"_source": {
"enabled": false
},

"properties": {
      "@timestamp": {
        "type": "date"
      },
      "@version": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }
      },
      "CWD": {
        "type": "text",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          }
        }

} }
}

Here is input.conf and output.conf

input.conf:

input {
file {
path => "/tmp/t.txt"
start_position => "beginning"
type => 'acct'
tags => ["acct"]
add_field => {"cluster" => "xyz" }
}

output.conf:

output {
if [type] == "lsbacct"{
elasticsearch {
hosts => "localhost:9200"
index => "acctlsb-%{+YYYY.MM.dd}"
}
#stdout{}
}

filte.conf is empty

2

While the same is working perfect if I do this without using template

3

Have you looked in the Logstash log for clues?

4

Got it. Found the clue from elasticsearch logs.
My mapping was carrying more than one type :frowning:

But now facing another issue. On kibana Discover page under Available Fields all the fileds are not visible , while i can see those field under visualize when creating some graph.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.