Logstash not writing to ElasticSearch

mad · January 2, 2019, 5:37pm

I am using the following -> filebeat->logstash->elasticsearch
I am getting 2 types of logs, Apache and Log4J, and trying to create different indexes

output {
if [flow] == "apache" {
elasticsearch {
hosts => ["xx.xx.xx.xx:9200"]
index => "apachelogs-%{+YYYY.MM.dd}"
}
}
else if [flow] == "log4j" {
elasticsearch {
hosts => ["xx.xx.xx.xx:9200"]
index => "jbosslogs-%{+YYYY.MM.dd}"
}
}
}

Does not create any indexes in Elasticsearch, however, there are no errors in logstash or Elasticsearch that I can see.
My filebeats.yml file reads like this

type: log

enabled: true
paths:

/opt/httpd/logs/xxxxx-access*
fields:
flow: apache
application: myapp

Everything was working fine till I added the fork on the output section.
Can anyone suggest what could be the reason? Or something that I am doing wrong above

Christian_Dahlqvist · January 2, 2019, 5:55pm

During development it often helps to output events to stdout with the rubydebug codec so you can look at the structure. If you have indented your Filebeat config file correctly (hard to tell given the formatting) I believe the field should end up under [fields][flow] and not [flow].

system · January 30, 2019, 5:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat V7.4.1 output.elasticsearch not writing to defined index "logstash" Beats filebeat	6	618	November 26, 2019
Logstash is not naming indices based on Filebeat tags Beats filebeat	2	450	January 8, 2019
Logs not being indexed in Elasticsearch from Redis Logstash	3	348	August 6, 2019
Logstash not creating index on elasticsearch Logstash	5	4704	May 17, 2017
Logstash not creating index Elasticsearch	3	659	March 27, 2017

Logstash not writing to ElasticSearch

Related topics