Logtrail plugin is not displaying the data

Elastic Stack Logstash
1

Hi,

I have installed logtrail plugin in Kibana, I am not able to see the data in logtrail, but I am able to view the data in Kibana dashboard.
Here is my logtrail.json file:

{
"index_patterns" : [
{
"es": {
"default_index": "filebeat-*",
"allow_url_parameter": false
},
"tail_interval_in_seconds": 10,
"es_index_time_offset_in_seconds": 0,
"display_timezone": "Etc/UTC",
"display_timestamp_format": "MMM DD HH:mm:ss",
"max_buckets": 500,
"default_time_range_in_days" : 0,
"max_hosts": 100,
"max_events_to_keep_in_viewer": 5000,
"fields" : {
"mapping" : {
"timestamp" : "@timestamp",
"display_timestamp" : "@timestamp",
"hostname" : "hostname",
"program": "program",
"message": "syslog_message"
},
"message_format": "{{{syslog_message}}}"
},
"color_mapping" : {
"field": "level",
"mapping" : {
"0": "#ff0000",
"1": "#ff3232",
"2": "#ff4c4c",
"3": "#ff7f24",
"4": "#ffb90f",
"5": "#a2cd5a"
}
}
}
]
}

2

Here is my Logstash Conf file:

input {
beats {
port => 5044
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}

filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}

output {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

3

Please help me in resolving this, I got struck here for past two days :frowning_face:

4

You could try moving this to the Kibana forum rather than Logstash, but logtrail is not an elastic product and there may not be anyone here familiar with it.

5

Thanks Badger,

I will move this to Kibana.

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.